
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide (STIG) V2R1

Rules and Groups employed by this XCCDF Profile

  • Verify that 'use_mappers' is set to 'pwent' in PAM

    The operating system must map the authenticated identity to the user or group account for PKI-based authentication. Verify that 'use_mappers' is set to 'pwent' in /etc/...
    Rule Low Severity
  • Assign Expiration Date to Temporary Accounts

    Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts. In the event temporary accounts are required, configure the system t...
    Rule Medium Severity
  • Ensure sudo group has only necessary members

    Developers and implementers can increase the assurance in security functions by employing well-defined security policy models; structured, disciplined, and rigorous hardware and software developmen...
    Rule Medium Severity
  • Ensure no duplicate UIDs exist

    Although the useradd program will not let you create a duplicate User ID (UID), it is possible for an administrator to manually edit the /etc/passwd file and change the UID field. Users must be ass...
    Rule Medium Severity
  • Verify group-owner of system journal directories

    Verify the /run/log/journal and /var/log/journal directories are group-owned by "systemd-journal" by using the following command: $ sudo find /run/log/journal /var/log/journal -type d -exec ...
    Rule Medium Severity
  • Verify owner of system journal directories

    Verify the /run/log/journal and /var/log/journal directories are owned by "root" by using the following command: $ sudo find /run/log/journal /var/log/journal -type d -exec stat -c "%n %U" {...
    Rule Medium Severity
  • Verify Permissions on the system journal directories

    Verify the /run/log/journal and /var/log/journal directories have permissions set to "2750" or less permissive by using the following command: $ sudo find /run/log/journal /var/log/journal -...
    Rule Medium Severity
  • Verify Groupowner on the journalctl command

    Verify that the "journalctl" command is group-owned by "root" by using the following command: $ sudo find /usr/bin/journalctl -exec stat -c "%n %G" {} \; If any output returned is not ...
    Rule Medium Severity
  • Verify Group Who Owns the system journal

    Verify the /run/log/journal and /var/log/journal files are group-owned by "systemd-journal" by using the following command: $ sudo find /run/log/journal /var/log/journal -type f -exec stat -...
    Rule Medium Severity
  • Verify Owner on the journalctl Command

    Verify that the "journalctl" command is owned by "root" by using the following command: $ sudo find /usr/bin/journalctl -exec stat -c "%n %U" {} \; If any output returned is not owned ...
    Rule Medium Severity
