Skip to content
ATO Pathways
  Log In

Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide (STIG) V2R1

Rules and Groups employed by this XCCDF Profile

  • Verify Owner on the system journal

    Verify the /run/log/journal and /var/log/journal files are owned by "root" by using the following command: <pre> $ sudo find /run/log/journal /var/...
    Rule Medium Severity
    Show

  • Verify Permissions on the journal command

    Verify that the "journalctl" command has a permission set of "740" by using the following command: <pre> $ sudo find /usr/bin/journalctl -exec sta...
    Rule Medium Severity
    Show

  • Verify Permissions on the system journal

    Verify all files in the /run/log/journal and /var/log/journal directories have permissions set to "640" or less permissive by using the following c...
    Rule Medium Severity
    Show

  • Verify ufw Active

    Verify the ufw is enabled on the system with the following command: <pre># sudo ufw status</pre> If the above command returns the status as "inacti...
    Rule Medium Severity
    Show

  • Only Allow Authorized Network Services in ufw

    Check the firewall configuration for any unnecessary or prohibited functions, ports, protocols, and/or services by running the following command: <...
    Rule Medium Severity
    Show

  • ufw Must rate-limit network interfaces

    The operating system must configure the uncomplicated firewall to rate-limit impacted network interfaces. Check all the services listening to the ...
    Rule Medium Severity
    Show

  • Verify Permissions on /etc/audit/audit.rules

    To properly set the permissions of /etc/audit/audit.rules, run the command: 
    $ sudo chmod 0640 /etc/audit/audit.rules
    Rule Medium Severity
    Show

  • Restrict Access to Kernel Message Buffer

    To set the runtime status of the <code>kernel.dmesg_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.dmesg...
    Rule Low Severity
    Show

  • Remove the ntp service

    The ntpd service should not be installed.
    Rule Low Severity
    Show

  • Remove the systemd_timesyncd Service

    The systemd_timesyncd service should not be installed.
    Rule Low Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules