Skip to content
Log In

Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) V1R12

Rules and Groups employed by this XCCDF Profile

  • Record Any Attempts to Run apparmor_parser

    At a minimum, the audit system should collect any execution attempt of the <code>apparmor_parser</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <c...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - chage

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - chfn

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - chsh

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - crontab

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - fdisk

    Configure the operating system to audit the execution of the partition management program "fdisk".
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - kmod

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - modprobe

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - mount

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - newgrp

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - passwd

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Record Any Attempts to Run ssh-agent

    At a minimum, the audit system should collect any execution attempt of the <code>ssh-agent</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>au...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - su

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - sudo

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - umount

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - unix_update

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on the Use of Privileged Commands - usermod

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...
    Rule Medium Severity
    Show

  • Configure auditd Data Retention

    The audit system writes data to <code>/var/log/audit/audit.log</code>. By default, <code>auditd</code> rotates 5 logs by size (6MB), retaining a maximum of 30MB of data in total, and refuses to wri...
    Group
    Show

  • Configure audispd Plugin To Send Logs To Remote Server

    Configure the audispd plugin to off-load audit records onto a different system or media from the system being audited. First, set the <code>active</code> option in <pre>/etc/audisp/plugins.d/au-re...
    Rule Medium Severity
    Show

  • Configure a Sufficiently Large Partition for Audit Logs

    The Ubuntu 20.04 operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit recor...
    Rule Medium Severity
    Show

  • Configure auditd Disk Full Action when Disk Space Is Full

    The <code>auditd</code> service can be configured to take an action when disk space is running low but prior to running out of space completely. Edit the file <code>/etc/audit/auditd.conf</code>. A...
    Rule Medium Severity
    Show

  • Configure auditd mail_acct Action on Low Disk Space

    The <code>auditd</code> service can be configured to send email to a designated account in certain situations. Add or correct the following line in <code>/etc/audit/auditd.conf</code> to ensure tha...
    Rule Medium Severity
    Show

  • Configure auditd space_left Action on Low Disk Space

    The <code>auditd</code> service can be configured to take an action when disk space <i>starts</i> to run low. Edit the file <code>/etc/audit/auditd.conf</code>. Modify the following line, substitut...
    Rule Medium Severity
    Show

  • Configure auditd space_left on Low Disk Space

    The <code>auditd</code> service can be configured to take an action when disk space is running low but prior to running out of space completely. Edit the file <code>/etc/audit/auditd.conf</code>. A...
    Rule Medium Severity
    Show

  • Offload audit Logs to External Media

    The operating system must have a crontab script running weekly to offload audit events of standalone systems.
    Rule Medium Severity
    Show

  • AppArmor

    Many security vulnerabilities result from bugs in trusted programs. A trusted program runs with privileges that attackers want to possess. The program fails to keep that trust if there is a bug in ...
    Group
    Show

  • Ensure AppArmor is installed

    AppArmor provide Mandatory Access Controls.
    Rule Medium Severity
    Show

  • Ensure AppArmor is Active and Configured

    Verify that the Apparmor tool is configured to control whitelisted applications and user home directory access control.<br> <br> The <code>apparmor</code> service can be enabled with the fo...
    Rule Medium Severity
    Show

  • GRUB2 bootloader configuration

    During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows for the selection of different kernels - possibly ...
    Group
    Show

  • Non-UEFI GRUB2 bootloader configuration

    Non-UEFI GRUB2 bootloader configuration
    Group
    Show

  • Set Boot Loader Password in grub2

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br> <br> Since plaintext passwords are a security risk, generate a hash...
    Rule High Severity
    Show

  • UEFI GRUB2 bootloader configuration

    UEFI GRUB2 bootloader configuration
    Group
    Show

  • Set the UEFI Boot Loader Password

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br> <br> Since plaintext passwords are a security risk, generate a hash...
    Rule High Severity
    Show

  • Configure Syslog

    The syslog service has been the default Unix logging mechanism for many years. It has a number of downsides, including inconsistent log format, lack of authentication for received messages, and lac...
    Group
    Show

  • Enable rsyslog Service

    The <code>rsyslog</code> service provides syslog-style logging by default on Ubuntu 20.04. The <code>rsyslog</code> service can be enabled with the following command: <pre>$ sudo systemctl enable ...
    Rule Medium Severity
    Show

  • Ensure real-time clock is set to UTC

    Ensure that the system real-time clock (RTC) is set to Coordinated Universal Time (UTC).
    Rule High Severity
    Show

  • Ensure Proper Configuration of Log Files

    The file <code>/etc/rsyslog.conf</code> controls where log message are written. These are controlled by lines called <i>rules</i>, which consist of a <i>selector</i> and an <i>action</i>. These rul...
    Group
    Show

  • Ensure remote access methods are monitored in Rsyslog

    Logging of remote access methods must be implemented to help identify cyber attacks and ensure ongoing compliance with remote access policies are being audited and upheld. An examples of a remote a...
    Rule Medium Severity
    Show

  • Network Configuration and Firewalls

    Most systems must be connected to a network of some sort, and this brings with it the substantial risk of network attack. This section discusses the security impact of decisions about networking wh...
    Group
    Show

  • Kernel Parameters Which Affect Networking

    The sysctl utility is used to set parameters which affect the operation of the Linux kernel. Kernel parameters which affect networking and have security implications are described here.
    Group
    Show

  • Network Related Kernel Runtime Parameters for Hosts and Routers

    Certain kernel parameters should be set for systems which are acting as either hosts or routers to improve the system's ability defend against certain types of IPv4 protocol attacks.
    Group
    Show

  • Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces

    To set the runtime status of the <code>net.ipv4.tcp_syncookies</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv4.tcp_syncookies=1</pre> To make sure that the settin...
    Rule Medium Severity
    Show

  • Uncomplicated Firewall (ufw)

    The Linux kernel in Ubuntu provides a packet filtering system called netfilter, and the traditional interface for manipulating netfilter are the iptables suite of commands. iptables provide a compl...
    Group
    Show

  • Install ufw Package

    The ufw package can be installed with the following command: 
    $ apt-get install ufw
    Rule Medium Severity
    Show

  • Verify ufw Enabled

    The ufw service can be enabled with the following command: 
    $ sudo systemctl enable ufw.service
    Rule Medium Severity
    Show

  • Only Allow Authorized Network Services in ufw

    Check the firewall configuration for any unnecessary or prohibited functions, ports, protocols, and/or services by running the following command: <pre>$ sudo ufw show raw Chain OUTPUT (policy ACCEP...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules