{"description": "This profile contains configuration checks that align to the\nDISA STIG for Canonical Ubuntu 22.04 LTS V2R3.", "extends": null, "hidden": "", "status": "", "metadata": {"version": "V2R3", "SMEs": ["mpurg", "dodys", "alanmcanonical", "ericeberry"]}, "reference": "https://www.cyber.mil/stigs/downloads", "selections": ["account_disable_post_pw_expiration", "account_temp_expire_date", "accounts_max_concurrent_login_sessions", "accounts_maximum_age_login_defs", "accounts_minimum_age_login_defs", "accounts_password_pam_dcredit", "accounts_password_pam_dictcheck", "accounts_password_pam_difok", "accounts_password_pam_enforcing", "accounts_password_pam_lcredit", "accounts_password_pam_minlen", "accounts_password_pam_ocredit", "accounts_password_pam_retry", "accounts_password_pam_ucredit", "accounts_passwords_pam_faildelay_delay", "accounts_passwords_pam_faillock_audit", "accounts_passwords_pam_faillock_deny", "accounts_passwords_pam_faillock_interval", "accounts_passwords_pam_faillock_silent", "accounts_passwords_pam_faillock_unlock_time", "accounts_tmout", "accounts_umask_etc_login_defs", "aide_build_database", "aide_check_audit_tools", "aide_disable_silentreports", "aide_periodic_cron_checking", "apparmor_configured", "apt_conf_disallow_unauthenticated", "audit_rules_dac_modification_chmod", "audit_rules_dac_modification_chown", "audit_rules_dac_modification_fchmod", "audit_rules_dac_modification_fchmodat", "audit_rules_dac_modification_fchown", "audit_rules_dac_modification_fchownat", "audit_rules_dac_modification_fremovexattr", "audit_rules_dac_modification_fsetxattr", "audit_rules_dac_modification_lchown", "audit_rules_dac_modification_lremovexattr", "audit_rules_dac_modification_lsetxattr", "audit_rules_dac_modification_removexattr", "audit_rules_dac_modification_setxattr", "audit_rules_execution_chacl", "audit_rules_execution_chcon", "audit_rules_execution_setfacl", "audit_rules_file_deletion_events_rename", "audit_rules_file_deletion_events_renameat", "audit_rules_file_deletion_events_rmdir", "audit_rules_file_deletion_events_unlink", "audit_rules_file_deletion_events_unlinkat", "audit_rules_kernel_module_loading_delete", "audit_rules_kernel_module_loading_finit", "audit_rules_kernel_module_loading_init", "audit_rules_login_events_faillog", "audit_rules_login_events_lastlog", "audit_rules_privileged_commands_apparmor_parser", "audit_rules_privileged_commands_chage", "audit_rules_privileged_commands_chfn", "audit_rules_privileged_commands_chsh", "audit_rules_privileged_commands_crontab", "audit_rules_privileged_commands_fdisk", "audit_rules_privileged_commands_gpasswd", "audit_rules_privileged_commands_kmod", "audit_rules_privileged_commands_modprobe", "audit_rules_privileged_commands_mount", "audit_rules_privileged_commands_newgrp", "audit_rules_privileged_commands_pam_timestamp_check", "audit_rules_privileged_commands_passwd", "audit_rules_privileged_commands_ssh_agent", "audit_rules_privileged_commands_ssh_keysign", "audit_rules_privileged_commands_su", "audit_rules_privileged_commands_sudo", "audit_rules_privileged_commands_sudoedit", "audit_rules_privileged_commands_umount", "audit_rules_privileged_commands_unix_update", "audit_rules_privileged_commands_usermod", "audit_rules_session_events_btmp", "audit_rules_session_events_utmp", "audit_rules_session_events_wtmp", "audit_rules_sudoers", "audit_rules_sudoers_d", "audit_rules_suid_privilege_function", "audit_rules_unsuccessful_file_modification_creat", "audit_rules_unsuccessful_file_modification_ftruncate", "audit_rules_unsuccessful_file_modification_open", "audit_rules_unsuccessful_file_modification_open_by_handle_at", "audit_rules_unsuccessful_file_modification_openat", "audit_rules_unsuccessful_file_modification_truncate", "audit_rules_usergroup_modification_group", "audit_rules_usergroup_modification_gshadow", "audit_rules_usergroup_modification_opasswd", "audit_rules_usergroup_modification_passwd", "audit_rules_usergroup_modification_shadow", "audit_rules_var_log_journal", "audit_sudo_log_events", "auditd_audispd_configure_remote_server", "auditd_audispd_configure_sufficiently_large_partition", "auditd_data_disk_full_action", "auditd_data_retention_action_mail_acct", "auditd_data_retention_space_left_action", "auditd_data_retention_space_left_percentage", "auditd_offload_logs", "banner_etc_issue_net", "bios_enable_execution_restrictions", "check_ufw_active", "chronyd_or_ntpd_set_maxpoll", "chronyd_sync_clock", "clean_components_post_updating", "dconf_gnome_banner_enabled", "dconf_gnome_disable_ctrlaltdel_reboot", "dconf_gnome_login_banner_text", "dconf_gnome_screensaver_idle_delay", "dconf_gnome_screensaver_lock_delay", "dconf_gnome_screensaver_lock_enabled", "dir_group_ownership_library_dirs", "dir_groupowner_system_journal", "dir_groupownership_binary_dirs", "dir_owner_system_journal", "dir_ownership_binary_dirs", "dir_ownership_library_dirs", "dir_permissions_binary_dirs", "dir_permissions_system_journal", "dir_perms_world_writable_sticky_bits", "directory_permissions_var_log_audit", "disable_ctrlaltdel_reboot", "encrypt_partitions", "ensure_rtc_utc_configuration", "ensure_sudo_group_restricted", "file_group_ownership_var_log_audit_stig", "file_groupowner_journalctl", "file_groupowner_system_journal", "file_groupowner_var_log", "file_groupowner_var_log_syslog", "file_groupownership_audit_configuration", "file_groupownership_system_commands_dirs", "file_owner_journalctl", "file_owner_system_journal", "file_owner_var_log", "file_owner_var_log_syslog", "file_ownership_audit_binaries", "file_ownership_audit_configuration", "file_ownership_binary_dirs", "file_ownership_library_dirs", "file_ownership_var_log_audit_stig", "file_permissions_audit_binaries", "file_permissions_binary_dirs", "file_permissions_etc_audit_auditd", "file_permissions_etc_audit_rules", "file_permissions_etc_audit_rulesd", "file_permissions_journalctl", "file_permissions_library_dirs", "file_permissions_system_journal", "file_permissions_var_log", "file_permissions_var_log_audit_stig", "file_permissions_var_log_syslog", "grub2_audit_argument", "grub2_password", "grub2_uefi_password", "install_smartcard_packages", "is_fips_mode_enabled", "kernel_module_usb-storage_disabled", "no_duplicate_uids", "no_empty_passwords", "no_empty_passwords_etc_shadow", "only_allow_dod_certs", "package_aide_installed", "package_apparmor_installed", "package_audit-audispd-plugins_installed", "package_audit_installed", "package_chrony_installed", "package_ntp_removed", "package_opensc_installed", "package_openssh-server_installed", "package_pam_pwquality_installed", "package_rsh-server_removed", "package_telnetd_removed", "package_timesyncd_removed", "package_ufw_installed", "permissions_local_var_log", "prevent_direct_root_logins", "root_permissions_syslibrary_files", "rsyslog_remote_access_monitoring", "service_auditd_enabled", "service_kdump_disabled", "service_rsyslog_enabled", "service_sshd_enabled", "service_ufw_enabled", "set_password_hashing_algorithm_logindefs", "set_password_hashing_algorithm_systemauth", "smartcard_configure_ca", "smartcard_configure_cert_checking", "smartcard_configure_crl", "smartcard_pam_enabled", "sshd_disable_empty_passwords", "sshd_disable_x11_forwarding", "sshd_do_not_permit_user_env", "sshd_enable_pam", "sshd_enable_pubkey_auth", "sshd_enable_warning_banner_net", "sshd_set_idle_timeout", "sshd_set_keepalive", "sshd_use_approved_ciphers_ordered_stig", "sshd_use_approved_kex_ordered_stig", "sshd_use_approved_macs_ordered_stig", "sshd_x11_use_localhost", "sssd_offline_cred_expiration", "sudo_require_authentication", "sysctl_kernel_dmesg_restrict", "sysctl_kernel_randomize_va_space", "sysctl_net_ipv4_tcp_syncookies", "ufw_only_required_services", "ufw_rate_limit", "verify_use_mappers", "vlock_installed", "wireless_disable_interfaces", "var_auditd_space_left_percentage=25pc", "var_auditd_space_left_action=email", "var_auditd_disk_full_action=halt", "var_auditd_action_mail_acct=root", "var_password_pam_retry=3", "var_password_pam_difok=8", "var_password_pam_minlen=15", "var_password_pam_dictcheck=1", "var_password_pam_ocredit=1", "var_password_pam_dcredit=1", "var_password_pam_lcredit=1", "var_password_pam_ucredit=1", "var_accounts_user_umask=077", "var_accounts_tmout=15_min", "var_accounts_max_concurrent_login_sessions=10", "var_password_pam_delay=4000000", "var_accounts_passwords_pam_faillock_deny=3", "var_accounts_passwords_pam_faillock_fail_interval=900", "var_accounts_passwords_pam_faillock_unlock_time=never", "var_accounts_maximum_age_login_defs=60", "var_accounts_minimum_age_login_defs=1", "inactivity_timeout_value=15_minutes", "var_screensaver_lock_delay=immediate", "login_banner_text=dod_banners", "sshd_idle_timeout_value=10_minutes", "var_sshd_set_keepalive=1", "remote_login_banner_text=dod_banners", "var_time_service_set_maxpoll=18_hours"], "unselected_groups": [], "platforms": [], "cpe_names": [], "platform": null, "filter_rules": "", "policies": ["stig_ubuntu2204"], "single_rule_profile": false, "title": "Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide (STIG) V2R3", "definition_location": "/aptdata/openscap/scap-security-guide/products/ubuntu2204/profiles/stig.profile"}