Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide (STIG) V2R1
Rules and Groups employed by this XCCDF Profile
-
Enable SSH Warning Banner
To enable the warning banner and ensure it is consistent across the system, add or correct the following line in <code>/etc/ssh/sshd_config</code>...Rule Medium Severity -
Use Only FIPS 140-2 Validated Ciphers
Limit the ciphers to those algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-app...Rule Medium Severity -
System Security Services Daemon
The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...Group -
Configure SSSD to Expire Offline Credentials
SSSD should be configured to expire offline credentials after 1 day. To configure SSSD to expire offline credentials, set <code>offline_credential...Rule Medium Severity -
Configure AIDE To Notify Personnel if Baseline Configurations Are Altered
The operating system file integrity tool must be configured to notify designated personnel of any changes to configurations.Rule Medium Severity -
Set GNOME3 Screensaver Inactivity Timeout
The idle time-out value for inactivity in the GNOME3 desktop is configured via the <code>idle-delay</code> setting must be set under an appropriate...Rule Medium Severity -
Install pam_pwquality Package
Thelibpam-pwqualitypackage can be installed with the following command:$ apt-get install libpam-pwquality
Rule Medium Severity -
Enforce Delay After Failed Logon Attempts
To configure the system to introduce a delay after failed logon attempts, add or correct the <code>pam_faildelay</code> settings in <code>/etc/pam....Rule Medium Severity -
Do Not Show System Messages When Unsuccessful Logon Attempts Occur
This rule ensures the system prevents informative messages from being presented to the user pertaining to logon information after a number of incor...Rule Medium Severity -
Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words
The pam_pwquality module's <code>dictcheck</code> check if passwords contains dictionary words. When <code>dictcheck</code> is set to <code>1</code...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.