Detections
Analytics

DISA Canonical Ubuntu 24.04 LTS STIG v1r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Canonical Ubuntu 24.04 LTS STIG v1r2

Updated: 12/22/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.2

Estimated Item Count: 195

Audit Items

DescriptionCategories
DISA_Canonical_Ubuntu_24.04_LTS_STIG_v1r2.audit from DISA Canonical Ubuntu 24.04 LTS STIG v1r2
UBTU-24-90890 - Ubuntu 24.04 LTS must use cryptographic mechanisms to protect the integrity of audit tools.
UBTU-24-100010 - Ubuntu 24.04 LTS must not have the "systemd-timesyncd" package installed.
UBTU-24-100020 - Ubuntu 24.04 LTS must not have the "ntp" package installed.
UBTU-24-100030 - Ubuntu 24.04 LTS must not have the telnet package installed.
UBTU-24-100040 - Ubuntu 24.04 LTS must not have the rsh-server package installed.
UBTU-24-100100 - Ubuntu 24.04 LTS must use a file integrity tool to verify correct operation of all security functions.
UBTU-24-100110 - Ubuntu 24.04 LTS must configure AIDE to preform file integrity checking on the file system.
UBTU-24-100120 - Ubuntu 24.04 LTS must be configured so that the script which runs each 30 days or less to check file integrity is the default one.
UBTU-24-100130 - Ubuntu 24.04 LTS must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.
UBTU-24-100200 - Ubuntu 24.04 LTS must be configured to preserve log records from failure events.
UBTU-24-100300 - Ubuntu 24.04 LTS must have an application firewall installed in order to control remote access methods.
UBTU-24-100310 - Ubuntu 24.04 LTS must enable and run the Uncomplicated Firewall (ufw).
UBTU-24-100400 - Ubuntu 24.04 LTS must have the "auditd" package installed.
UBTU-24-100410 - Ubuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
UBTU-24-100450 - Ubuntu 24.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system or storage media from the system being audited.
UBTU-24-100500 - Ubuntu 24.04 LTS must have AppArmor installed.
UBTU-24-100510 - Ubuntu 24.04 LTS must be configured to use AppArmor.
UBTU-24-100600 - Ubuntu 24.04 LTS must have the "libpam-pwquality" package installed.
UBTU-24-100650 - Ubuntu 24.04 LTS must have the "SSSD" package installed.
UBTU-24-100660 - Ubuntu 24.04 LTS must use the "SSSD" package for multifactor authentication services.
UBTU-24-100700 - Ubuntu 24.04 LTS must have the "chrony" package installed.
UBTU-24-100800 - Ubuntu 24.04 LTS must have SSH installed.
UBTU-24-100810 - Ubuntu 24.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information.
UBTU-24-100820 - Ubuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100830 - Ubuntu 24.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100840 - Ubuntu 24.04 LTS SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms.
UBTU-24-100850 - Ubuntu 24.04 LTS must configure the SSH client to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100860 - Ubuntu 24.04 LTS SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms.
UBTU-24-100900 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials.
UBTU-24-100910 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials managed through the Privileged Access Management (PAM) framework.
UBTU-24-101000 - Ubuntu 24.04 LTS must allow users to directly initiate a session lock for all connection types.
UBTU-24-102000 - Ubuntu 24.04 LTS when booted must require authentication upon booting into single-user and maintenance modes.
UBTU-24-102010 - Ubuntu 24.04 LTS must initiate session audits at system startup.
UBTU-24-200000 - Ubuntu 24.04 LTS must limit the number of concurrent sessions to 10 for all accounts and/or account types.
UBTU-24-200020 - Ubuntu 24.04 LTS must initiate a graphical session lock after 10 minutes of inactivity.
UBTU-24-200040 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface automount function.
UBTU-24-200041 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface autorun function.
UBTU-24-200042 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user smart card removal action.
UBTU-24-200043 - Ubuntu 24.04 LTS must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
UBTU-24-200060 - Ubuntu 24.04 LTS must automatically terminate a user session after inactivity timeouts have expired.
UBTU-24-200090 - Ubuntu 24.04 LTS must monitor remote access methods.
UBTU-24-200250 - Ubuntu 24.04 LTS must automatically remove or disable emergency accounts after 72 hours.
UBTU-24-200260 - Ubuntu 24.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
UBTU-24-200270 - Ubuntu 24.04 LTS must audit any script or executable called by cron as root or by any privileged user.
UBTU-24-200280 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
UBTU-24-200290 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
UBTU-24-200300 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
UBTU-24-200310 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
UBTU-24-200320 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.