DISA STIG Ubuntu 18.04 LTS v2r8

Audit Details

Name: DISA STIG Ubuntu 18.04 LTS v2r8

Updated: 8/23/2022

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 302

File Details

Filename: DISA_STIG_Ubuntu_18.04_LTS_v2r8.audit

Size: 756 kB

MD5: a48d980a5a1ff07b4715fa3b14b44325
SHA256: 29a265cf626578d40447ed9b514604aedaf21db024197c75e884cea7dfc41558

Audit Items

Description / Categories
DISA_STIG_Ubuntu_18.04_LTS_v2r8.audit from DISA Canonical Ubuntu 18.04 LTS v2r8 STIG
UBTU-18-010000 - Ubuntu operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes.

ACCESS CONTROL

UBTU-18-010001 - Ubuntu operating systems booted with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.

ACCESS CONTROL

UBTU-18-010002 - The Ubuntu operating system must initiate session audits at system startup.

AUDIT AND ACCOUNTABILITY

UBTU-18-010003 - Ubuntu operating systems handling data requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-18-010005 - The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - action_mail_acct

AUDIT AND ACCOUNTABILITY

UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - space_left

AUDIT AND ACCOUNTABILITY

UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - space_left_action

AUDIT AND ACCOUNTABILITY

UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - space_left_action syslog

AUDIT AND ACCOUNTABILITY

UBTU-18-010007 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected - active=yes

AUDIT AND ACCOUNTABILITY

UBTU-18-010007 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected - installed

AUDIT AND ACCOUNTABILITY

UBTU-18-010007 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected - remote_server

AUDIT AND ACCOUNTABILITY

UBTU-18-010008 - The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems.

AUDIT AND ACCOUNTABILITY

UBTU-18-010016 - Advanced Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.

CONFIGURATION MANAGEMENT

UBTU-18-010017 - The Ubuntu operating system must be configured so that Advanced Package Tool (APT) removes all software components after updated versions have been installed - Remove-Unused-Dependencies

SYSTEM AND INFORMATION INTEGRITY

UBTU-18-010017 - The Ubuntu operating system must be configured so that Advanced Package Tool (APT) removes all software components after updated versions have been installed - Remove-Unused-Kernel-Packages

SYSTEM AND INFORMATION INTEGRITY

UBTU-18-010018 - The Ubuntu operating system must not have the Network Information Service (NIS) package installed.

CONFIGURATION MANAGEMENT

UBTU-18-010019 - The Ubuntu operating system must not have the rsh-server package installed.

CONFIGURATION MANAGEMENT

UBTU-18-010021 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - package

SYSTEM AND INFORMATION INTEGRITY

UBTU-18-010021 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - service

SYSTEM AND INFORMATION INTEGRITY

UBTU-18-010022 - The Ubuntu operating system must be configured to preserve log records from failure events - active

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-18-010022 - The Ubuntu operating system must be configured to preserve log records from failure events - enabled

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-18-010022 - The Ubuntu operating system must be configured to preserve log records from failure events - installed

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-18-010023 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods.

ACCESS CONTROL

UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited - active

AUDIT AND ACCOUNTABILITY

UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited - auditd is-active

AUDIT AND ACCOUNTABILITY

UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited - installed

AUDIT AND ACCOUNTABILITY

UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited - remote_server

AUDIT AND ACCOUNTABILITY

UBTU-18-010030 - The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day - /etc/sssd/conf.d/*

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010030 - The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day - /etc/sssd/sssd.conf

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010031 - The Ubuntu operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.

CONFIGURATION MANAGEMENT

UBTU-18-010032 - The Ubuntu operating system must display the date and time of the last successful account logon upon logon.

CONFIGURATION MANAGEMENT

UBTU-18-010033 - The Ubuntu operating system must be configured so that three consecutive invalid logon attempts by a user automatically locks the account until released by an administrator.

ACCESS CONTROL

UBTU-18-010035 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon - banner text

ACCESS CONTROL

UBTU-18-010035 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon - banner-message-enable

ACCESS CONTROL

UBTU-18-010036 - The Ubuntu operating system must prevent direct login into the root account.

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010037 - The Ubuntu operating system must be configured so that only users who need access to security functions are part of the sudo group.

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-18-010038 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting any publicly accessible connection to the system.

ACCESS CONTROL

UBTU-18-010100 - The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used - ucredit

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010101 - The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used - lcredit

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010102 - The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used - dcredit

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010103 - The Ubuntu operating system must require the change of at least 8 characters when passwords are changed - difok

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010104 - The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010105 - The Ubuntu operating system must not have the telnet package installed.

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010106 - The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010107 - The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010108 - The Ubuntu operating system must prohibit password reuse for a minimum of five generations.

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010109 - The Ubuntu operating system must enforce a minimum 15-character password length.

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010110 - The Ubuntu operating system must employ FIPS 140-2 approved cryptographic hashing algorithms for all created and stored passwords - ENCRYPT_METHOD

IDENTIFICATION AND AUTHENTICATION