| DISA_Canonical_Ubuntu_24.04_LTS_STIG_v1r1.audit from DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | |
| UBTU-24-90890 - Ubuntu 24.04 LTS must use cryptographic mechanisms to protect the integrity of audit tools. | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100010 - Ubuntu 24.04 LTS must not have the "systemd-timesyncd" package installed. | CONFIGURATION MANAGEMENT |
| UBTU-24-100020 - Ubuntu 24.04 LTS must not have the "ntp" package installed. | CONFIGURATION MANAGEMENT |
| UBTU-24-100030 - Ubuntu 24.04 LTS must not have the telnet package installed. | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100040 - Ubuntu 24.04 LTS must not have the rsh-server package installed. | CONFIGURATION MANAGEMENT |
| UBTU-24-100100 - Ubuntu 24.04 LTS must use a file integrity tool to verify correct operation of all security functions. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-100110 - Ubuntu 24.04 LTS must configure AIDE to preform file integrity checking on the file system. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-100120 - Ubuntu 24.04 LTS must be configured so that the script which runs each 30 days or less to check file integrity is the default one. | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-100130 - Ubuntu 24.04 LTS must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered. | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-100200 - Ubuntu 24.04 LTS must be configured to preserve log records from failure events. | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100300 - Ubuntu 24.04 LTS must have an application firewall installed in order to control remote access methods. | ACCESS CONTROL |
| UBTU-24-100310 - Ubuntu 24.04 LTS must enable and run the Uncomplicated Firewall (ufw). | ACCESS CONTROL |
| UBTU-24-100400 - Ubuntu 24.04 LTS must have the "auditd" package installed. | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100410 - Ubuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time. | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100450 - Ubuntu 24.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system or storage media from the system being audited. | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100500 - Ubuntu 24.04 LTS must have AppArmor installed. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| UBTU-24-100510 - Ubuntu 24.04 LTS must be configured to use AppArmor. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| UBTU-24-100600 - Ubuntu 24.04 LTS must have the "libpam-pwquality" package installed. | CONFIGURATION MANAGEMENT |
| UBTU-24-100650 - Ubuntu 24.04 LTS must have the "SSSD" package installed. | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100660 - Ubuntu 24.04 LTS must use the "SSSD" package for multifactor authentication services. | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100700 - Ubuntu 24.04 LTS must have the "chrony" package installed. | CONFIGURATION MANAGEMENT |
| UBTU-24-100800 - Ubuntu 24.04 LTS must have SSH installed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100810 - Ubuntu 24.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information. | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100820 - Ubuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100830 - Ubuntu 24.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100840 - Ubuntu 24.04 LTS SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms. | ACCESS CONTROL |
| UBTU-24-100850 - Ubuntu 24.04 LTS must configure the SSH client to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | ACCESS CONTROL |
| UBTU-24-100860 - Ubuntu 24.04 LTS SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. | ACCESS CONTROL |
| UBTU-24-100900 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials. | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100910 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials managed through the Privileged Access Management (PAM) framework. | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-101000 - Ubuntu 24.04 LTS must allow users to directly initiate a session lock for all connection types. | ACCESS CONTROL |
| UBTU-24-102000 - Ubuntu 24.04 LTS when booted must require authentication upon booting into single-user and maintenance modes. | ACCESS CONTROL |
| UBTU-24-102010 - Ubuntu 24.04 LTS must initiate session audits at system startup. | AUDIT AND ACCOUNTABILITY |
| UBTU-24-200000 - Ubuntu 24.04 LTS must limit the number of concurrent sessions to 10 for all accounts and/or account types. | ACCESS CONTROL |
| UBTU-24-200020 - Ubuntu 24.04 LTS must initiate a graphical session lock after 10 minutes of inactivity. | ACCESS CONTROL |
| UBTU-24-200040 - Ubuntu 24.04 LTS must retain a user's session lock until the user reestablishes access using established identification and authentication procedures. | ACCESS CONTROL |
| UBTU-24-200060 - Ubuntu 24.04 LTS must automatically terminate a user session after inactivity timeouts have expired. | ACCESS CONTROL |
| UBTU-24-200090 - Ubuntu 24.04 LTS must monitor remote access methods. | ACCESS CONTROL |
| UBTU-24-200250 - Ubuntu 24.04 LTS must automatically remove or disable emergency accounts after 72 hours. | ACCESS CONTROL |
| UBTU-24-200260 - Ubuntu 24.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. | ACCESS CONTROL |
| UBTU-24-200280 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-24-200290 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-24-200300 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-24-200310 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-24-200320 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-24-200580 - Ubuntu 24.04 LTS must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions. | ACCESS CONTROL |
| UBTU-24-200610 - Ubuntu 24.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | ACCESS CONTROL |
| UBTU-24-200640 - Ubuntu 24.04 LTS must display the Standard Mandatory DOD Notice and Consent Banner before granting access to via an SSH logon. | ACCESS CONTROL |
| UBTU-24-200650 - Ubuntu 24.04 LTS must enable the graphical user logon banner to display the Standard Mandatory DOD Notice and Consent Banner before granting local access to the system via a graphical user logon. | ACCESS CONTROL |
