Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide (STIG) V2R1
Rules and Groups employed by this XCCDF Profile
Ensure auditd Collects System Administrator Actions - /etc/sudoers
At a minimum, the audit system should collect administrator actions for all users and root. If the auditd daemon is configured to use the augenrules program to read audit ...
Rule, Medium Severity
Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/
At a minimum, the audit system should collect administrator actions for all users and root. If the auditd daemon is configured to use the augenrules program to read audit ...
Rule, Medium Severity
Ensure auditd Collects records for events that affect "/var/log/journal"
Auditing the systemd journal files provides logging that can be used for forensic purposes. Verify the system generates audit records for all events that affect "/var/log/journal" by using the foll...
Rule, Medium Severity
System Audit Logs Must Be Group Owned By Root
All audit logs must be group owned by root user. Determine where the audit logs are stored with the following command:
$ sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audi...
Rule, Medium Severity
System Audit Logs Must Have Mode 0600 or Less Permissive
Determine where the audit logs are stored with the following command:
$ sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory...
Rule, Medium Severity