Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) V1R9
Rules and Groups employed by this XCCDF Profile
-
Enable Public Key Authentication
Enable SSH login with public keys. <br> The default SSH configuration enables authentication based on public keys. The appropriate configuration is...Rule Medium Severity -
Enable SSH Warning Banner
To enable the warning banner and ensure it is consistent across the system, add or correct the following line in <code>/etc/ssh/sshd_config</code>...Rule Medium Severity -
Use Only FIPS 140-2 Validated Ciphers
Limit the ciphers to those algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-app...Rule Medium Severity -
Use Only FIPS 140-2 Validated Key Exchange Algorithms
Limit the key exchange algorithms to those which are FIPS-approved. Add or modify the following line in <code>/etc/ssh/sshd_config</code> <pre>Kex...Rule Medium Severity -
Use Only FIPS 140-2 Validated MACs
Limit the MACs to those hash algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-a...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules