Skip to content
Log In

Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) V1R12

Rules and Groups employed by this XCCDF Profile

  • Verify '/proc/sys/crypto/fips_enabled' exists

    On a system where FIPS 140-2 mode is enabled, <code>/proc/sys/crypto/fips_enabled</code> must exist. To verify FIPS mode, run the following command: <pre>cat /proc/sys/crypto/fips_enabled</pre> ...
    Rule High Severity
    Show

  • Endpoint Protection Software

    Endpoint protection security software that is not provided or supported by Canonical can be installed to provide complementary or duplicative security capabilities to those provided by the base p...
    Group
    Show

  • McAfee Endpoint Security Software

    In DoD environments, McAfee Host-based Security System (HBSS) and VirusScan Enterprise for Linux (VSEL) is required to be installed on all systems.
    Group
    Show

  • McAfee Endpoint Security for Linux (ENSL)

    McAfee Endpoint Security for Linux (ENSL) is a suite of software applications used to monitor, detect, and defend computer networks and systems.
    Group
    Show

  • Install McAfee Endpoint Security for Linux (ENSL)

    Install McAfee Endpoint Security for Linux antivirus software which is provided for DoD systems and uses signatures to search for the presence of viruses on the filesystem. The <code>mfetp</code> ...
    Rule Medium Severity
    Show

  • Disk Partitioning

    To ensure separation and protection of data, there are top-level system directories which should be placed on their own physical partition or logical volume. The installer's default partitioning sc...
    Group
    Show

  • Encrypt Partitions

    Ubuntu 20.04 natively supports partition encryption through the Linux Unified Key Setup-on-disk-format (LUKS) technology. The easiest way to encrypt a partition is during installation time. <br> ...
    Rule High Severity
    Show

  • GNOME Desktop Environment

    GNOME is a graphical desktop environment bundled with many Linux distributions that allow users to easily interact with the operating system graphically rather than textually. The GNOME Graphical D...
    Group
    Show

  • Configure GNOME3 DConf User Profile

    By default, DConf provides a standard user profile. This profile contains a list of DConf configuration databases. The user profile and database always take the highest priority. As such the DConf ...
    Rule High Severity
    Show

  • Configure GNOME Screen Locking

    In the default GNOME3 desktop, the screen can be locked by selecting the user name in the far right corner of the main panel and selecting <b>Lock</b>. <br> <br> The following sections deta...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules