DISA Canonical Ubuntu 24.04 LTS STIG v1r2

Audit Details

Name: DISA Canonical Ubuntu 24.04 LTS STIG v1r2

Updated: 9/19/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 195

File Details

Filename: DISA_STIG_Canonical_Ubuntu_24.04_LTS_v1r2.audit

Size: 528 kB

MD5: 8f208f69240fe4b9143ef448b89d422f
SHA256: a95be1674bb8cb7245a7a6717398d86ecae665791a557e254846d30310bbaa63

Audit Items

DescriptionCategories
DISA_Canonical_Ubuntu_24.04_LTS_STIG_v1r2.audit from DISA Canonical Ubuntu 24.04 LTS STIG v1r2
UBTU-24-90890 - Ubuntu 24.04 LTS must use cryptographic mechanisms to protect the integrity of audit tools.

AUDIT AND ACCOUNTABILITY

UBTU-24-100010 - Ubuntu 24.04 LTS must not have the "systemd-timesyncd" package installed.

CONFIGURATION MANAGEMENT

UBTU-24-100020 - Ubuntu 24.04 LTS must not have the "ntp" package installed.

CONFIGURATION MANAGEMENT

UBTU-24-100030 - Ubuntu 24.04 LTS must not have the telnet package installed.

IDENTIFICATION AND AUTHENTICATION

UBTU-24-100040 - Ubuntu 24.04 LTS must not have the rsh-server package installed.

CONFIGURATION MANAGEMENT

UBTU-24-100100 - Ubuntu 24.04 LTS must use a file integrity tool to verify correct operation of all security functions.

SYSTEM AND INFORMATION INTEGRITY

UBTU-24-100110 - Ubuntu 24.04 LTS must configure AIDE to preform file integrity checking on the file system.

SYSTEM AND INFORMATION INTEGRITY

UBTU-24-100120 - Ubuntu 24.04 LTS must be configured so that the script which runs each 30 days or less to check file integrity is the default one.

SYSTEM AND INFORMATION INTEGRITY

UBTU-24-100130 - Ubuntu 24.04 LTS must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

UBTU-24-100200 - Ubuntu 24.04 LTS must be configured to preserve log records from failure events.

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-24-100300 - Ubuntu 24.04 LTS must have an application firewall installed in order to control remote access methods.

ACCESS CONTROL

UBTU-24-100310 - Ubuntu 24.04 LTS must enable and run the Uncomplicated Firewall (ufw).

ACCESS CONTROL

UBTU-24-100400 - Ubuntu 24.04 LTS must have the "auditd" package installed.

AUDIT AND ACCOUNTABILITY

UBTU-24-100410 - Ubuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.

AUDIT AND ACCOUNTABILITY

UBTU-24-100450 - Ubuntu 24.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system or storage media from the system being audited.

AUDIT AND ACCOUNTABILITY

UBTU-24-100500 - Ubuntu 24.04 LTS must have AppArmor installed.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

UBTU-24-100510 - Ubuntu 24.04 LTS must be configured to use AppArmor.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

UBTU-24-100600 - Ubuntu 24.04 LTS must have the "libpam-pwquality" package installed.

CONFIGURATION MANAGEMENT

UBTU-24-100650 - Ubuntu 24.04 LTS must have the "SSSD" package installed.

IDENTIFICATION AND AUTHENTICATION

UBTU-24-100660 - Ubuntu 24.04 LTS must use the "SSSD" package for multifactor authentication services.

IDENTIFICATION AND AUTHENTICATION

UBTU-24-100700 - Ubuntu 24.04 LTS must have the "chrony" package installed.

CONFIGURATION MANAGEMENT

UBTU-24-100800 - Ubuntu 24.04 LTS must have SSH installed.

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-24-100810 - Ubuntu 24.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information.

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-24-100820 - Ubuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.

ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-24-100830 - Ubuntu 24.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.

ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-24-100840 - Ubuntu 24.04 LTS SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms.

ACCESS CONTROL

UBTU-24-100850 - Ubuntu 24.04 LTS must configure the SSH client to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.

ACCESS CONTROL

UBTU-24-100860 - Ubuntu 24.04 LTS SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms.

ACCESS CONTROL

UBTU-24-100900 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials.

IDENTIFICATION AND AUTHENTICATION

UBTU-24-100910 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials managed through the Privileged Access Management (PAM) framework.

IDENTIFICATION AND AUTHENTICATION

UBTU-24-101000 - Ubuntu 24.04 LTS must allow users to directly initiate a session lock for all connection types.

ACCESS CONTROL

UBTU-24-102000 - Ubuntu 24.04 LTS when booted must require authentication upon booting into single-user and maintenance modes.

ACCESS CONTROL

UBTU-24-102010 - Ubuntu 24.04 LTS must initiate session audits at system startup.

AUDIT AND ACCOUNTABILITY

UBTU-24-200000 - Ubuntu 24.04 LTS must limit the number of concurrent sessions to 10 for all accounts and/or account types.

ACCESS CONTROL

UBTU-24-200020 - Ubuntu 24.04 LTS must initiate a graphical session lock after 10 minutes of inactivity.

ACCESS CONTROL

UBTU-24-200040 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface automount function.

ACCESS CONTROL

UBTU-24-200041 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface autorun function.

IDENTIFICATION AND AUTHENTICATION

UBTU-24-200042 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user smart card removal action.

ACCESS CONTROL

UBTU-24-200043 - Ubuntu 24.04 LTS must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

ACCESS CONTROL

UBTU-24-200060 - Ubuntu 24.04 LTS must automatically terminate a user session after inactivity timeouts have expired.

ACCESS CONTROL

UBTU-24-200090 - Ubuntu 24.04 LTS must monitor remote access methods.

ACCESS CONTROL

UBTU-24-200250 - Ubuntu 24.04 LTS must automatically remove or disable emergency accounts after 72 hours.

ACCESS CONTROL

UBTU-24-200260 - Ubuntu 24.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

ACCESS CONTROL

UBTU-24-200270 - Ubuntu 24.04 LTS must audit any script or executable called by cron as root or by any privileged user.

AUDIT AND ACCOUNTABILITY

UBTU-24-200280 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

UBTU-24-200290 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

UBTU-24-200300 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

UBTU-24-200310 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

UBTU-24-200320 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY