Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) V1R9
Rules and Groups employed by this XCCDF Profile
-
Set the UEFI Boot Loader Password
The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br><br> Since plaintext passw...Rule High Severity -
Configure Syslog
The syslog service has been the default Unix logging mechanism for many years. It has a number of downsides, including inconsistent log format, lac...Group -
Enable rsyslog Service
The <code>rsyslog</code> service provides syslog-style logging by default on Ubuntu 20.04. The <code>rsyslog</code> service can be enabled with th...Rule Medium Severity -
Ensure real-time clock is set to UTC
Ensure that the system real-time clock (RTC) is set to Coordinated Universal Time (UTC).Rule High Severity -
Ensure Proper Configuration of Log Files
The file <code>/etc/rsyslog.conf</code> controls where log message are written. These are controlled by lines called <i>rules</i>, which consist of...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules