Detections
Analytics

DISA Canonical Ubuntu 24.04 LTS STIG v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Canonical Ubuntu 24.04 LTS STIG v1r1

Updated: 9/19/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.2

Estimated Item Count: 189

File Details

Filename: DISA_STIG_Canonical_Ubuntu_24.04_LTS_v1r1.audit

Size: 439 kB

MD5: feb1759aa2978efb1668cdf82261f438
SHA256: 9adad306031254a588a44ab1b6b86866aa4ed99688dcc031294009f0e136b78e

Audit Items

DescriptionCategories
DISA_Canonical_Ubuntu_24.04_LTS_STIG_v1r1.audit from DISA Canonical Ubuntu 24.04 LTS STIG v1r1
UBTU-24-90890 - Ubuntu 24.04 LTS must use cryptographic mechanisms to protect the integrity of audit tools.
UBTU-24-100010 - Ubuntu 24.04 LTS must not have the "systemd-timesyncd" package installed.
UBTU-24-100020 - Ubuntu 24.04 LTS must not have the "ntp" package installed.
UBTU-24-100030 - Ubuntu 24.04 LTS must not have the telnet package installed.
UBTU-24-100040 - Ubuntu 24.04 LTS must not have the rsh-server package installed.
UBTU-24-100100 - Ubuntu 24.04 LTS must use a file integrity tool to verify correct operation of all security functions.
UBTU-24-100110 - Ubuntu 24.04 LTS must configure AIDE to preform file integrity checking on the file system.
UBTU-24-100120 - Ubuntu 24.04 LTS must be configured so that the script which runs each 30 days or less to check file integrity is the default one.
UBTU-24-100130 - Ubuntu 24.04 LTS must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.
UBTU-24-100200 - Ubuntu 24.04 LTS must be configured to preserve log records from failure events.
UBTU-24-100300 - Ubuntu 24.04 LTS must have an application firewall installed in order to control remote access methods.
UBTU-24-100310 - Ubuntu 24.04 LTS must enable and run the Uncomplicated Firewall (ufw).
UBTU-24-100400 - Ubuntu 24.04 LTS must have the "auditd" package installed.
UBTU-24-100410 - Ubuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
UBTU-24-100450 - Ubuntu 24.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system or storage media from the system being audited.
UBTU-24-100500 - Ubuntu 24.04 LTS must have AppArmor installed.
UBTU-24-100510 - Ubuntu 24.04 LTS must be configured to use AppArmor.
UBTU-24-100600 - Ubuntu 24.04 LTS must have the "libpam-pwquality" package installed.
UBTU-24-100650 - Ubuntu 24.04 LTS must have the "SSSD" package installed.
UBTU-24-100660 - Ubuntu 24.04 LTS must use the "SSSD" package for multifactor authentication services.
UBTU-24-100700 - Ubuntu 24.04 LTS must have the "chrony" package installed.
UBTU-24-100800 - Ubuntu 24.04 LTS must have SSH installed.
UBTU-24-100810 - Ubuntu 24.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information.
UBTU-24-100820 - Ubuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100830 - Ubuntu 24.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100840 - Ubuntu 24.04 LTS SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms.
UBTU-24-100850 - Ubuntu 24.04 LTS must configure the SSH client to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100860 - Ubuntu 24.04 LTS SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms.
UBTU-24-100900 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials.
UBTU-24-100910 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials managed through the Privileged Access Management (PAM) framework.
UBTU-24-101000 - Ubuntu 24.04 LTS must allow users to directly initiate a session lock for all connection types.
UBTU-24-102000 - Ubuntu 24.04 LTS when booted must require authentication upon booting into single-user and maintenance modes.
UBTU-24-102010 - Ubuntu 24.04 LTS must initiate session audits at system startup.
UBTU-24-200000 - Ubuntu 24.04 LTS must limit the number of concurrent sessions to 10 for all accounts and/or account types.
UBTU-24-200020 - Ubuntu 24.04 LTS must initiate a graphical session lock after 10 minutes of inactivity.
UBTU-24-200040 - Ubuntu 24.04 LTS must retain a user's session lock until the user reestablishes access using established identification and authentication procedures.
UBTU-24-200060 - Ubuntu 24.04 LTS must automatically terminate a user session after inactivity timeouts have expired.
UBTU-24-200090 - Ubuntu 24.04 LTS must monitor remote access methods.
UBTU-24-200250 - Ubuntu 24.04 LTS must automatically remove or disable emergency accounts after 72 hours.
UBTU-24-200260 - Ubuntu 24.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
UBTU-24-200280 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
UBTU-24-200290 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
UBTU-24-200300 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
UBTU-24-200310 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
UBTU-24-200320 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
UBTU-24-200580 - Ubuntu 24.04 LTS must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.
UBTU-24-200610 - Ubuntu 24.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made.
UBTU-24-200640 - Ubuntu 24.04 LTS must display the Standard Mandatory DOD Notice and Consent Banner before granting access to via an SSH logon.
UBTU-24-200650 - Ubuntu 24.04 LTS must enable the graphical user logon banner to display the Standard Mandatory DOD Notice and Consent Banner before granting local access to the system via a graphical user logon.