Detections
Analytics

DISA STIG Ubuntu 18.04 LTS v2r7

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Ubuntu 18.04 LTS v2r7

Updated: 8/23/2022

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.2

Estimated Item Count: 308

Audit Items

DescriptionCategories
DISA_STIG_Ubuntu_18.04_LTS_v2r7.audit from DISA Canonical Ubuntu 18.04 LTS v2r7 STIG
UBTU-18-010000 - Ubuntu operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes.
UBTU-18-010001 - Ubuntu operating systems booted with United Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.
UBTU-18-010002 - The Ubuntu operating system must initiate session audits at system startup.
UBTU-18-010003 - Ubuntu operating systems handling data requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
UBTU-18-010005 - The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - action_mail_acct
UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - space_left
UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - space_left_action
UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - space_left_action syslog
UBTU-18-010007 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected - active=yes
UBTU-18-010007 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected - installed
UBTU-18-010007 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected - remote_server
UBTU-18-010008 - The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems.
UBTU-18-010016 - Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.
UBTU-18-010017 - The Ubuntu operating system must be configured so that Advance package Tool (APT) removes all software components after updated versions have been installed - Remove-Unused-Dependencies
UBTU-18-010017 - The Ubuntu operating system must be configured so that Advance package Tool (APT) removes all software components after updated versions have been installed - Remove-Unused-Kernel-Packages
UBTU-18-010018 - The Ubuntu operating system must not have the Network Information Service (NIS) package installed.
UBTU-18-010019 - The Ubuntu operating system must not have the rsh-server package installed.
UBTU-18-010021 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - package
UBTU-18-010021 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - service
UBTU-18-010022 - The Ubuntu operating system must be configured to preserve log records from failure events - active
UBTU-18-010022 - The Ubuntu operating system must be configured to preserve log records from failure events - enabled
UBTU-18-010022 - The Ubuntu operating system must be configured to preserve log records from failure events - installed
UBTU-18-010023 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods.
UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited - active
UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited - auditd is-active
UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited - installed
UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited - remote_server
UBTU-18-010030 - The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day - /etc/sssd/conf.d/*
UBTU-18-010030 - The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day - /etc/sssd/sssd.conf
UBTU-18-010031 - The Ubuntu operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
UBTU-18-010032 - The Ubuntu operating system must display the date and time of the last successful account logon upon logon.
UBTU-18-010033 - The Ubuntu operating system must be configured so that three consecutive invalid logon attempts by a user automatically locks the account until released by an administrator.
UBTU-18-010035 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon - banner text
UBTU-18-010035 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon - banner-message-enable
UBTU-18-010036 - The Ubuntu operating system must prevent direct login into the root account.
UBTU-18-010037 - The Ubuntu operating system must be configured so that only users who need access to security functions are part of the sudo group.
UBTU-18-010038 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting any publically accessible connection to the system.
UBTU-18-010100 - The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used - ucredit
UBTU-18-010101 - The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used - lcredit
UBTU-18-010102 - The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used - dcredit
UBTU-18-010103 - The Ubuntu operating system must require the change of at least 8 characters when passwords are changed - difok
UBTU-18-010104 - The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
UBTU-18-010105 - The Ubuntu operating system must not have the telnet package installed.
UBTU-18-010106 - The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
UBTU-18-010107 - The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
UBTU-18-010108 - The Ubuntu operating system must prohibit password reuse for a minimum of five generations.
UBTU-18-010109 - The Ubuntu operating system must enforce a minimum 15-character password length.
UBTU-18-010110 - The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all created and stored passwords - ENCRYPT_METHOD