Detections
Analytics

DISA Canonical Ubuntu 24.04 LTS STIG v1r3

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Canonical Ubuntu 24.04 LTS STIG v1r3

Updated: 2/17/2026

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 195

File Details

Filename: DISA_STIG_Canonical_Ubuntu_24.04_LTS_v1r3.audit

Size: 457 kB

MD5: 62f44b65b9355fca252579272a583de3
SHA256: bcb49655a5397e51f65ca95221997fab58056af1cc968868842df2e931e6cadb

Audit Items

DescriptionCategories
DISA_STIG_Canonical_Ubuntu_24.04_LTS_v1r3.audit from DISA Canonical Ubuntu 24.04 LTS STIG v1r3
UBTU-24-100010 - Ubuntu 24.04 LTS must not have the "systemd-timesyncd" package installed.
UBTU-24-100020 - Ubuntu 24.04 LTS must not have the "ntp" package installed.
UBTU-24-100030 - Ubuntu 24.04 LTS must not have the telnet package installed.
UBTU-24-100040 - Ubuntu 24.04 LTS must not have the rsh-server package installed.
UBTU-24-100100 - Ubuntu 24.04 LTS must use a file integrity tool to verify correct operation of all security functions.
UBTU-24-100110 - Ubuntu 24.04 LTS must configure AIDE to perform file integrity checking on the file system.
UBTU-24-100120 - Ubuntu 24.04 LTS must be configured so that the script which runs each 30 days or less to check file integrity is the default one.
UBTU-24-100130 - Ubuntu 24.04 LTS must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.
UBTU-24-100200 - Ubuntu 24.04 LTS must be configured to preserve log records from failure events.
UBTU-24-100300 - Ubuntu 24.04 LTS must have an application firewall installed in order to control remote access methods.
UBTU-24-100310 - Ubuntu 24.04 LTS must enable and run the Uncomplicated Firewall (ufw).
UBTU-24-100400 - Ubuntu 24.04 LTS must have the "auditd" package installed.
UBTU-24-100410 - Ubuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
UBTU-24-100450 - Ubuntu 24.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system or storage media from the system being audited.
UBTU-24-100500 - Ubuntu 24.04 LTS must have AppArmor installed.
UBTU-24-100510 - Ubuntu 24.04 LTS must be configured to use AppArmor.
UBTU-24-100600 - Ubuntu 24.04 LTS must have the "libpam-pwquality" package installed.
UBTU-24-100650 - Ubuntu 24.04 LTS must have the "SSSD" package installed.
UBTU-24-100660 - Ubuntu 24.04 LTS must use the "SSSD" package for multifactor authentication services.
UBTU-24-100700 - Ubuntu 24.04 LTS must have the "chrony" package installed.
UBTU-24-100800 - Ubuntu 24.04 LTS must have SSH installed.
UBTU-24-100810 - Ubuntu 24.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information.
UBTU-24-100820 - Ubuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100830 - Ubuntu 24.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100840 - Ubuntu 24.04 LTS SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms.
UBTU-24-100850 - Ubuntu 24.04 LTS must configure the SSH client to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
UBTU-24-100860 - Ubuntu 24.04 LTS SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms.
UBTU-24-100900 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials.
UBTU-24-100910 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials managed through the Privileged Access Management (PAM) framework.
UBTU-24-101000 - Ubuntu 24.04 LTS must allow users to directly initiate a session lock for all connection types.
UBTU-24-102000 - Ubuntu 24.04 LTS when booted must require authentication upon booting into single-user and maintenance modes.
UBTU-24-102010 - Ubuntu 24.04 LTS must initiate session audits at system startup.
UBTU-24-200000 - Ubuntu 24.04 LTS must limit the number of concurrent sessions to 10 for all accounts and/or account types.
UBTU-24-200020 - Ubuntu 24.04 LTS must initiate a graphical session lock after 10 minutes of inactivity.
UBTU-24-200040 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface automount function.
UBTU-24-200041 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface autorun function.
UBTU-24-200042 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user smart card removal action.
UBTU-24-200043 - Ubuntu 24.04 LTS must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
UBTU-24-200060 - Ubuntu 24.04 LTS must automatically terminate a user session after inactivity timeouts have expired.
UBTU-24-200090 - Ubuntu 24.04 LTS must monitor remote access methods.
UBTU-24-200250 - Ubuntu 24.04 LTS must automatically remove or disable emergency accounts after 72 hours.
UBTU-24-200260 - Ubuntu 24.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
UBTU-24-200270 - Ubuntu 24.04 LTS must audit any script or executable called by cron as root or by any privileged user.
UBTU-24-200280 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
UBTU-24-200290 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
UBTU-24-200300 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
UBTU-24-200310 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
UBTU-24-200320 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
UBTU-24-200580 - Ubuntu 24.04 LTS must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.