Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Ubuntu operating system must configure the /var/log directory to have mode "0755" or less permissive.
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or pla...Rule Medium Severity -
The Ubuntu operating system must have directories that contain system commands set to a mode of 0755 or less permissive.
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operatio...Rule Medium Severity -
The Ubuntu operating system must have directories that contain system commands group-owned by root.
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operatio...Rule Medium Severity -
The Ubuntu operating system library directories must have mode 0755 or less permissive.
If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part...Rule Medium Severity -
The Ubuntu operating system library directories must be owned by root.
If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part...Rule Medium Severity -
The Ubuntu operating system must have an application firewall installed in order to control remote access methods.
Remote access services, such as those providing remote access to network devices and information systems, which lack automated control capabilities, increase risk and make remote user access manage...Rule Medium Severity -
The Ubuntu operating system must enable and run the uncomplicated firewall(ufw).
Remote access services, such as those providing remote access to network devices and information systems, which lack automated control capabilities, increase risk and make remote user access manage...Rule Medium Severity -
The Ubuntu operating system must be configured to use AppArmor.
Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may provide a capability that runs counter to the mission or provides users wi...Rule Medium Severity -
The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher stand...Rule High Severity -
The Ubuntu operating system must implement nonexecutable data to protect its memory from unauthorized code execution.
Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory inclu...Rule Medium Severity -
The Ubuntu operating system must display the date and time of the last successful account logon upon logon.
Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture and/or functionality of the system....Rule Low Severity -
The Ubuntu operating system must have system commands set to a mode of 0755 or less permissive.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that ar...Rule Medium Severity -
The Ubuntu operating system must have system commands group-owned by root or a system account.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that ar...Rule Medium Severity -
The Ubuntu operating system must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface is installed.
A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the...Rule High Severity -
The Ubuntu operating system must disable all wireless network adapters.
Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read, altered, or u...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
Group -
SRG-OS-000063-GPOS-00032
Group -
SRG-OS-000002-GPOS-00002
Group -
SRG-OS-000023-GPOS-00006
Group -
SRG-OS-000023-GPOS-00006
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.