| DISA_STIG_Canonical_Ubuntu_22.04_LTS_v2r2.audit from DISA Canonical Ubuntu 22.04 LTS v2r2 STIG | |
| UBTU-22-211015 - Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence. | CONFIGURATION MANAGEMENT |
| UBTU-22-212010 - Ubuntu 22.04 LTS, when booted, must require authentication upon booting into single-user and maintenance modes. | ACCESS CONTROL |
| UBTU-22-212015 - Ubuntu 22.04 LTS must initiate session audits at system startup. | AUDIT AND ACCOUNTABILITY |
| UBTU-22-213010 - Ubuntu 22.04 LTS must restrict access to the kernel message buffer. | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-213015 - Ubuntu 22.04 LTS must disable kernel core dumps so that it can fail to a secure state if system initialization fails, shutdown fails or aborts fail. | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-213020 - Ubuntu 22.04 LTS must implement address space layout randomization to protect its memory from unauthorized code execution. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-213025 - Ubuntu 22.04 LTS must implement nonexecutable data to protect its memory from unauthorized code execution. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-214010 - Ubuntu 22.04 LTS must be configured so that the Advance Package Tool (APT) prevents the installation of patches, service packs, device drivers, or operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | CONFIGURATION MANAGEMENT |
| UBTU-22-214015 - Ubuntu 22.04 LTS must be configured so that the Advance Package Tool (APT) removes all software components after updated versions have been installed. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-215010 - Ubuntu 22.04 LTS must have the 'libpam-pwquality' package installed. | CONFIGURATION MANAGEMENT |
| UBTU-22-215015 - Ubuntu 22.04 LTS must have the 'chrony' package installed. | CONFIGURATION MANAGEMENT |
| UBTU-22-215020 - Ubuntu 22.04 LTS must not have the 'systemd-timesyncd' package installed. | CONFIGURATION MANAGEMENT |
| UBTU-22-215025 - Ubuntu 22.04 LTS must not have the 'ntp' package installed. | CONFIGURATION MANAGEMENT |
| UBTU-22-215030 - Ubuntu 22.04 LTS must not have the 'rsh-server' package installed. | CONFIGURATION MANAGEMENT |
| UBTU-22-215035 - Ubuntu 22.04 LTS must not have the 'telnet' package installed. | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-231010 - Ubuntu 22.04 LTS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest. | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-232010 - Ubuntu 22.04 LTS must have directories that contain system commands set to a mode of '755' or less permissive. | AUDIT AND ACCOUNTABILITY |
| UBTU-22-232015 - Ubuntu 22.04 LTS must have system commands set to a mode of '755' or less permissive. | CONFIGURATION MANAGEMENT |
| UBTU-22-232020 - Ubuntu 22.04 LTS library files must have mode '755' or less permissive. | CONFIGURATION MANAGEMENT |
| UBTU-22-232025 - Ubuntu 22.04 LTS must configure the '/var/log' directory to have mode '755' or less permissive. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232026 - Ubuntu 22.04 LTS must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232027 - Ubuntu 22.04 LTS must generate system journal entries without revealing information that could be exploited by adversaries. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232030 - Ubuntu 22.04 LTS must configure '/var/log/syslog' file with mode '640' or less permissive. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232035 - Ubuntu 22.04 LTS must configure audit tools with a mode of '755' or less permissive. | AUDIT AND ACCOUNTABILITY |
| UBTU-22-232040 - Ubuntu 22.04 LTS must have directories that contain system commands owned by 'root'. | AUDIT AND ACCOUNTABILITY |
| UBTU-22-232045 - Ubuntu 22.04 LTS must have directories that contain system commands group-owned by 'root'. | AUDIT AND ACCOUNTABILITY |
| UBTU-22-232050 - Ubuntu 22.04 LTS must have system commands owned by 'root' or a system account. | CONFIGURATION MANAGEMENT |
| UBTU-22-232055 - Ubuntu 22.04 LTS must have system commands group-owned by 'root' or a system account. | CONFIGURATION MANAGEMENT |
| UBTU-22-232060 - Ubuntu 22.04 LTS library directories must be owned by 'root'. | CONFIGURATION MANAGEMENT |
| UBTU-22-232065 - Ubuntu 22.04 LTS library directories must be group-owned by 'root'. | CONFIGURATION MANAGEMENT |
| UBTU-22-232070 - Ubuntu 22.04 LTS library files must be owned by 'root'. | CONFIGURATION MANAGEMENT |
| UBTU-22-232075 - Ubuntu 22.04 LTS library files must be group-owned by 'root'. | CONFIGURATION MANAGEMENT |
| UBTU-22-232080 - Ubuntu 22.04 LTS must configure the directories used by the system journal to be owned by 'root'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232085 - Ubuntu 22.04 LTS must configure the directories used by the system journal to be group-owned by 'systemd-journal'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232090 - Ubuntu 22.04 LTS must configure the files used by the system journal to be owned by 'root'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232095 - Ubuntu 22.04 LTS must configure the files used by the system journal to be group-owned by 'systemd-journal'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232100 - Ubuntu 22.04 LTS must be configured so that the 'journalctl' command is owned by 'root'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232105 - Ubuntu 22.04 LTS must be configured so that the 'journalctl' command is group-owned by 'root'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232110 - Ubuntu 22.04 LTS must configure audit tools to be owned by 'root'. | AUDIT AND ACCOUNTABILITY |
| UBTU-22-232120 - Ubuntu 22.04 LTS must configure the '/var/log' directory to be owned by 'root'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232125 - Ubuntu 22.04 LTS must configure the '/var/log' directory to be group-owned by 'syslog'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232130 - Ubuntu 22.04 LTS must configure '/var/log/syslog' file to be owned by 'syslog'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232135 - Ubuntu 22.04 LTS must configure the '/var/log/syslog' file to be group-owned by 'adm'. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232140 - Ubuntu 22.04 LTS must be configured so that the 'journalctl' command is not accessible by unauthorized users. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232145 - Ubuntu 22.04 LTS must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources. | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-251010 - Ubuntu 22.04 LTS must have an application firewall installed in order to control remote access methods. | ACCESS CONTROL |
| UBTU-22-251015 - Ubuntu 22.04 LTS must enable and run the Uncomplicated Firewall (ufw). | ACCESS CONTROL |
| UBTU-22-251020 - Ubuntu 22.04 LTS must have an application firewall enabled. | CONFIGURATION MANAGEMENT |
| UBTU-22-251025 - Ubuntu 22.04 LTS must configure the Uncomplicated Firewall (ufw) to rate-limit impacted network interfaces. | SYSTEM AND COMMUNICATIONS PROTECTION |
