Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) V1R9
Rules and Groups employed by this XCCDF Profile
-
Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Record Any Attempts to Run ssh-agent
At a minimum, the audit system should collect any execution attempt of the <code>ssh-agent</code> command for all users and root. If the <code>audi...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - su
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - umount
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - unix_update
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - usermod
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Configure auditd Data Retention
The audit system writes data to <code>/var/log/audit/audit.log</code>. By default, <code>auditd</code> rotates 5 logs by size (6MB), retaining a ma...Group -
Configure audispd Plugin To Send Logs To Remote Server
Configure the audispd plugin to off-load audit records onto a different system or media from the system being audited. First, set the <code>active...Rule Medium Severity -
Configure a Sufficiently Large Partition for Audit Logs
The Ubuntu 20.04 operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records...Rule Medium Severity -
Configure auditd Disk Full Action when Disk Space Is Full
The <code>auditd</code> service can be configured to take an action when disk space is running low but prior to running out of space completely. Ed...Rule Medium Severity -
Configure auditd mail_acct Action on Low Disk Space
The <code>auditd</code> service can be configured to send email to a designated account in certain situations. Add or correct the following line in...Rule Medium Severity -
Configure auditd space_left Action on Low Disk Space
The <code>auditd</code> service can be configured to take an action when disk space <i>starts</i> to run low. Edit the file <code>/etc/audit/auditd...Rule Medium Severity -
Configure auditd space_left on Low Disk Space
The <code>auditd</code> service can be configured to take an action when disk space is running low but prior to running out of space completely. Ed...Rule Medium Severity -
Offload audit Logs to External Media
The operating system must have a crontab script running weekly to offload audit events of standalone systems.Rule Medium Severity -
AppArmor
Many security vulnerabilities result from bugs in trusted programs. A trusted program runs with privileges that attackers want to possess. The prog...Group -
Ensure AppArmor is installed
AppArmor provide Mandatory Access Controls.Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.