Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000076-GPOS-00044

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.

    &lt;VulnDiscussion&gt;Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the ...
    Rule Low Severity
  • SRG-OS-000077-GPOS-00045

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must prohibit password reuse for a minimum of five generations.

    &lt;VulnDiscussion&gt;Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...
    Rule Low Severity
  • SRG-OS-000078-GPOS-00046

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must enforce a minimum 15-character password length.

    &lt;VulnDiscussion&gt;The shorter the password, the lower the number of possible combinations that need to be tested before the password is comprom...
    Rule Medium Severity
  • SRG-OS-000120-GPOS-00061

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all created and stored passwords.

    &lt;VulnDiscussion&gt;The Ubuntu operating system must use a FIPS-compliant hashing algorithm to securely store the password. The FIPS-compliant ha...
    Rule Medium Severity
  • SRG-OS-000380-GPOS-00165

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must allow the use of a temporary password for system logons with an immediate change to a permanent password.

    &lt;VulnDiscussion&gt;Without providing this capability, an account may be created without a password. Non-repudiation cannot be guaranteed once an...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00225

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must prevent the use of dictionary words for passwords.

    &lt;VulnDiscussion&gt;If the Ubuntu operating system allows the user to select passwords based on dictionary words, then this increases the chances...
    Rule Medium Severity
  • SRG-OS-000373-GPOS-00156

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must require users to re-authenticate for privilege escalation and changing roles.

    &lt;VulnDiscussion&gt;Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When the U...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00225

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu Operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.

    &lt;VulnDiscussion&gt;Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...
    Rule Medium Severity
  • SRG-OS-000138-GPOS-00069

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources.

    &lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of infor...
    Rule Medium Severity
  • SRG-OS-000205-GPOS-00083

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

    &lt;VulnDiscussion&gt;Any operating system providing too much information in error messages risks compromising the data and security of the structu...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules