Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ubuntu 22.04 LTS must display the Standard Mandatory DOD Notice and Consent Banner before granting local access to the system via a graphical user logon.
<VulnDiscussion>Display of a standardized and approved use notification before granting access to Ubuntu 22.04 LTS ensures privacy and securi...Rule Medium Severity -
SRG-OS-000028-GPOS-00009
<GroupDescription></GroupDescription>Group -
Ubuntu 22.04 LTS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
<VulnDiscussion>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the ...Rule Medium Severity -
SRG-OS-000029-GPOS-00010
<GroupDescription></GroupDescription>Group -
Ubuntu 22.04 LTS must initiate a graphical session lock after 15 minutes of inactivity.
<VulnDiscussion>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
SRG-OS-000134-GPOS-00068
<GroupDescription></GroupDescription>Group -
Ubuntu 22.04 LTS must disable automatic mounting of Universal Serial Bus (USB) mass storage driver.
<VulnDiscussion>Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. ...Rule Medium Severity -
SRG-OS-000481-GPOS-00481
<GroupDescription></GroupDescription>Group -
Ubuntu 22.04 LTS must disable all wireless network adapters.
<VulnDiscussion>Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unpr...Rule Medium Severity -
SRG-OS-000109-GPOS-00056
<GroupDescription></GroupDescription>Group -
Ubuntu 22.04 LTS must prevent direct login into the root account.
<VulnDiscussion>To ensure individual accountability and prevent unauthorized access, organizational users must be individually identified and...Rule Medium Severity -
SRG-OS-000104-GPOS-00051
<GroupDescription></GroupDescription>Group -
Ubuntu 22.04 LTS must uniquely identify interactive users.
<VulnDiscussion>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to pre...Rule Medium Severity -
SRG-OS-000075-GPOS-00043
<GroupDescription></GroupDescription>Group -
Ubuntu 22.04 LTS must enforce 24 hours/one day as the minimum password lifetime. Passwords for new users must have a 24 hours/one day minimum password lifetime restriction.
<VulnDiscussion>Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enfo...Rule Medium Severity -
SRG-OS-000076-GPOS-00044
<GroupDescription></GroupDescription>Group -
Ubuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
<VulnDiscussion>Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the ...Rule Medium Severity -
SRG-OS-000118-GPOS-00060
<GroupDescription></GroupDescription>Group -
Ubuntu 22.04 LTS must automatically expire temporary accounts within 72 hours.
<VulnDiscussion>Temporary accounts are privileged or nonprivileged accounts established during pressing circumstances, such as new software o...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.