Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide (STIG) V2R1
Rules and Groups employed by this XCCDF Profile
-
Verify that 'use_mappers' is set to 'pwent' in PAM
The operating system must map the authenticated identity to the user or group account for PKI-based authentication. Verify that <code>use_mappers<...Rule Low Severity -
Assign Expiration Date to Temporary Accounts
Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts. In the event tempo...Rule Medium Severity -
Ensure sudo group has only necessary members
Developers and implementers can increase the assurance in security functions by employing well-defined security policy models; structured, discipli...Rule Medium Severity -
Ensure no duplicate UIDs exist
Although the useradd program will not let you create a duplicate User ID (UID), it is possible for an administrator to manually edit the /etc/passw...Rule Medium Severity -
Verify group-owner of system journal directories
Verify the /run/log/journal and /var/log/journal directories are group-owned by "systemd-journal" by using the following command: <pre> $ sudo find...Rule Medium Severity -
Verify owner of system journal directories
Verify the /run/log/journal and /var/log/journal directories are owned by "root" by using the following command: <pre> $ sudo find /run/log/journal...Rule Medium Severity -
Verify Permissions on the system journal directories
Verify the /run/log/journal and /var/log/journal directories have permissions set to "2750" or less permissive by using the following command: <pre...Rule Medium Severity -
Verify Groupowner on the journalctl command
Verify that the "journalctl" command is group-owned by "root" by using the following command: <pre> $ sudo find /usr/bin/journalctl -exec stat -c "...Rule Medium Severity -
Verify Group Who Owns the system journal
Verify the /run/log/journal and /var/log/journal files are group-owned by "systemd-journal" by using the following command: <pre> $ sudo find /run/...Rule Medium Severity -
Verify Owner on the journalctl Command
Verify that the "journalctl" command is owned by "root" by using the following command: <pre> $ sudo find /usr/bin/journalctl -exec stat -c "%n %U"...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules