Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) V1R12
Rules and Groups employed by this XCCDF Profile
-
Enable Smart Card Logins in PAM
This requirement only applies to components where this is specific to the function of the device or has the concept of an organizational user (e.g., VPN, proxy capability). This does not apply to a...Rule Medium Severity -
Verify that 'use_mappers' is set to 'pwent' in PAM
The operating system must map the authenticated identity to the user or group account for PKI-based authentication. Verify that <code>use_mappers</code> is set to <code>pwent</code> in <code>/etc/...Rule Low Severity -
Protect Accounts by Restricting Password-Based Login
Conventionally, Unix shell accounts are accessed by providing a username and password to a login program, which tests these values for correctness using the <code>/etc/passwd</code> and <code>/etc/...Group -
Set Account Expiration Parameters
Accounts can be configured to be automatically disabled after a certain time period, meaning that they will require administrator interaction to become usable again. Expiration of accounts after in...Group -
Set Account Expiration Following Inactivity
To specify the number of days after a password expires (which signifies inactivity) until an account is permanently disabled, add or correct the following line in <code>/etc/default/useradd</code>:...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules