I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000071-GPOS-00039
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Low Severity -
SRG-OS-000072-GPOS-00040
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.
<VulnDiscussion>If the Ubuntu operating system allows the user to consecutively reuse extensive portions of passwords, this increases the cha...Rule Low Severity -
SRG-OS-000073-GPOS-00041
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are...Rule Medium Severity -
SRG-OS-000074-GPOS-00042
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must not have the telnet package installed.
<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are...Rule High Severity -
SRG-OS-000075-GPOS-00043
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
<VulnDiscussion>Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enfo...Rule Low Severity -
SRG-OS-000076-GPOS-00044
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
<VulnDiscussion>Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the ...Rule Low Severity -
SRG-OS-000077-GPOS-00045
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must prohibit password reuse for a minimum of five generations.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Low Severity -
SRG-OS-000078-GPOS-00046
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must enforce a minimum 15-character password length.
<VulnDiscussion>The shorter the password, the lower the number of possible combinations that need to be tested before the password is comprom...Rule Medium Severity -
SRG-OS-000120-GPOS-00061
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all created and stored passwords.
<VulnDiscussion>The Ubuntu operating system must use a FIPS-compliant hashing algorithm to securely store the password. The FIPS-compliant ha...Rule Medium Severity -
SRG-OS-000380-GPOS-00165
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must allow the use of a temporary password for system logons with an immediate change to a permanent password.
<VulnDiscussion>Without providing this capability, an account may be created without a password. Non-repudiation cannot be guaranteed once an...Rule Medium Severity -
SRG-OS-000480-GPOS-00225
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must prevent the use of dictionary words for passwords.
<VulnDiscussion>If the Ubuntu operating system allows the user to select passwords based on dictionary words, then this increases the chances...Rule Medium Severity -
SRG-OS-000373-GPOS-00156
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must require users to re-authenticate for privilege escalation and changing roles.
<VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When the U...Rule Medium Severity -
SRG-OS-000480-GPOS-00225
<GroupDescription></GroupDescription>Group -
The Ubuntu Operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-OS-000138-GPOS-00069
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources.
<VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of infor...Rule Medium Severity -
SRG-OS-000205-GPOS-00083
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
<VulnDiscussion>Any operating system providing too much information in error messages risks compromising the data and security of the structu...Rule Medium Severity -
SRG-OS-000206-GPOS-00084
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must configure the /var/log directory to be group-owned by syslog.
<VulnDiscussion>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...Rule Medium Severity -
SRG-OS-000206-GPOS-00084
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must configure the /var/log directory to be owned by root.
<VulnDiscussion>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...Rule Medium Severity -
SRG-OS-000206-GPOS-00084
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must configure the /var/log directory to have mode 0755 or less permissive.
<VulnDiscussion>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...Rule Medium Severity -
SRG-OS-000206-GPOS-00084
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must configure the /var/log/syslog file to be group-owned by adm.
<VulnDiscussion>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...Rule Medium Severity -
SRG-OS-000206-GPOS-00084
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must configure /var/log/syslog file to be owned by syslog.
<VulnDiscussion>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...Rule Medium Severity -
SRG-OS-000206-GPOS-00084
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must configure /var/log/syslog file with mode 0640 or less permissive.
<VulnDiscussion>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...Rule Medium Severity -
SRG-OS-000256-GPOS-00097
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must configure audit tools with a mode of 0755 or less permissive.
<VulnDiscussion>Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefo...Rule Medium Severity -
SRG-OS-000256-GPOS-00097
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must configure audit tools to be owned by root.
<VulnDiscussion>Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefo...Rule Medium Severity -
SRG-OS-000256-GPOS-00097
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must configure the audit tools to be group-owned by root.
<VulnDiscussion>Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefo...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system library files must have mode 0755 or less permissive.
<VulnDiscussion>If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.