| V-275566 | | Ubuntu OS must require authentication upon booting into single-user and maintenance modes. | To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD syst... |
| V-275571 | | Ubuntu OS must be configured so that the Advanced Package Tool (APT) prevents the installation of patches, service packs, device drivers, or operating system components without verification they have been digitally signed using a certificate recognized and approved by the organization. | Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software... |
| V-275577 | | Ubuntu OS must not have the "telnet" package installed. | It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessa... |
| V-275620 | | Ubuntu OS must not allow unattended or automatic login via SSH. | Failure to restrict system access to authenticated users negatively impacts Ubuntu OS security.... |
| V-275625 | | Ubuntu OS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-2/140-3-approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is ac... |
| V-275626 | | Ubuntu OS SSH server must be configured to use only FIPS-validated key exchange algorithms. | Without cryptographic integrity protections provided by FIPS-validated cryptographic algorithms, information can be viewed and altered by unauthorized... |
| V-275627 | | Ubuntu OS must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions. | Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external netwo... |
| V-275648 | | Ubuntu OS must ensure only users who need access to security functions are part of sudo group. | An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. ... |
| V-275657 | | Ubuntu OS must store only encrypted representations of passwords. | Passwords must be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be p... |
| V-275673 | | Ubuntu OS must use cryptographic mechanisms to protect the integrity of audit tools. | Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit informat... |
| V-275735 | | Ubuntu OS must implement NIST FIPS-validated cryptography. | Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cry... |
| V-275534 | | Ubuntu OS must be configured so that audit configuration files are not write-accessible by unauthorized users. | Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the ... |
| V-275565 | | Ubuntu OS must disable the x86 Ctrl-Alt-Delete key sequence. | A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case... |
| V-275567 | | Ubuntu OS must restrict access to the kernel message buffer. | Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a no... |
| V-275568 | | Ubuntu OS must disable kernel core dumps. | Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk... |
| V-275569 | | Ubuntu OS must implement address space layout randomization to protect its memory from unauthorized code execution. | Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in prohibited memory locations. Security safeg... |
| V-275570 | | Ubuntu OS must implement nonexecutable data to protect its memory from unauthorized code execution. | Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Secur... |
| V-275573 | | Ubuntu OS must have the "libpam-pwquality" package installed. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-275574 | | Ubuntu OS must not have the "systemd-timesyncd" package installed. | Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular ev... |
| V-275575 | | Ubuntu OS must not have the "ntp" package installed. | Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular ev... |
| V-275576 | | Ubuntu OS must not have the "rsh-server" package installed. | It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessa... |
| V-275578 | | Ubuntu OS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest. | Operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modif... |
| V-275579 | | Ubuntu OS must have directories that contain system commands set to a mode of "755" or less permissive. | Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tool... |
| V-275580 | | Ubuntu OS must have system commands set to a mode of "755" or less permissive. | If Ubuntu OS were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate ... |
| V-275581 | | Ubuntu OS library files must have mode "755" or less permissive. | If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the a... |
| V-275582 | | Ubuntu OS must configure the "/var/log" directory to have mode "755" or less permissive. | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275583 | | Ubuntu OS must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | Any operating system providing too much information in error messages risks compromising the data and security of the structure, and content of error ... |
| V-275584 | | Ubuntu OS must generate system journal entries without revealing information that could be exploited by adversaries. | Any operating system providing too much information in error messages risks compromising the data and security of the structure, and content of error ... |
| V-275585 | | Ubuntu OS must configure "/var/log/syslog" file with mode "640" or less permissive. | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275586 | | Ubuntu OS must configure audit tools with a mode of "755" or less permissive. | Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tool... |
| V-275587 | | Ubuntu OS must have directories that contain system commands owned by "root". | Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tool... |
| V-275588 | | Ubuntu OS must have directories that contain system commands group-owned by "root". | Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tool... |
| V-275589 | | Ubuntu OS must have system commands owned by "root" or a system account. | If Ubuntu OS were to allow any user to make changes to software libraries, then those changes could be implemented without undergoing the appropriate ... |
| V-275590 | | Ubuntu OS must have system commands group-owned by "root" or a system account. | If Ubuntu OS were to allow any user to make changes to software libraries, then those changes could be implemented without undergoing the appropriate ... |
| V-275591 | | Ubuntu OS library directories must be owned by "root". | If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the a... |
| V-275592 | | Ubuntu OS library directories must be group-owned by "root". | If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the a... |
| V-275593 | | Ubuntu OS library files must be owned by "root". | If the operating system were to allow any user to make changes to software libraries, then those changes could be implemented without undergoing the a... |
| V-275594 | | Ubuntu OS library files must be group-owned by "root". | If the operating system were to allow any user to make changes to software libraries, then those changes could be implemented without undergoing the a... |
| V-275595 | | Ubuntu OS must configure the directories used by the system journal to be owned by "root". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275596 | | Ubuntu OS must configure the directories used by the system journal to be group-owned by "systemd-journal". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275597 | | Ubuntu OS must configure the files used by the system journal to be owned by "root". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275598 | | Ubuntu OS must configure the files used by the system journal to be group-owned by "systemd-journal". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275599 | | Ubuntu OS must be configured so that the "journalctl" command is owned by "root". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275600 | | Ubuntu OS must be configured so that the "journalctl" command is group-owned by "root". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275601 | | Ubuntu OS must configure audit tools to be owned by "root". | Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tool... |
| V-275602 | | Ubuntu OS must configure the "/var/log" directory to be owned by "root". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275603 | | Ubuntu OS must configure the "/var/log" directory to be group-owned by "syslog". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275604 | | Ubuntu OS must configure "/var/log/syslog" file to be owned by "syslog". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275605 | | Ubuntu OS must configure the "/var/log/syslog" file to be group-owned by "adm". | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-275606 | | Ubuntu OS must be configured so that the "journalctl" command is not accessible by unauthorized users. | Any operating system providing too much information in error messages risks compromising the data and security of the structure, and content of error ... |
| V-275607 | | Ubuntu OS must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources. | Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the a... |
| V-275608 | | Ubuntu OS must have an application firewall installed to control remote access methods. | Remote access services, such as those providing remote access to network devices and information systems, which lack automated control capabilities, i... |
| V-275609 | | Ubuntu OS must enable and run the Uncomplicated Firewall (ufw). | Remote access services, such as those providing remote access to network devices and information systems, which lack automated control capabilities, i... |
| V-275610 | | Ubuntu OS must have an application firewall enabled. | Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications ... |
| V-275611 | | Ubuntu OS must configure the Uncomplicated Firewall (ufw) to rate limit impacted network interfaces. | Denial of service (DoS) is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accompl... |
| V-275612 | | Ubuntu OS must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL) and vulnerability assessments. | To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within d... |
| V-275613 | | Ubuntu OS must compare internal information system clocks at least every 24 hours with a server synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS) to synchronize clocks between NetIM components. | Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular ev... |
| V-275614 | | Ubuntu OS must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second. | Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular ev... |
| V-275616 | | Ubuntu OS must be configured to use TCP syncookies. | Denial of service (DoS) is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accompl... |
| V-275617 | | Ubuntu OS must restrict SSH access to allow only NetIM internal communication. | Remote access is not authorized for connection to the Riverbed NetIM shell to minimize and deter system administrators from accessing the shell, bash ... |
| V-275619 | | Ubuntu OS must display the Standard Mandatory DOD Notice and Consent Banner before granting any user connection to the OS. | Display of a standardized and approved use notification before granting access to the publicly accessible operating system ensures privacy and securit... |
| V-275621 | | Ubuntu OS must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive. | Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a m... |
| V-275622 | | Ubuntu OS must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements. | The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH client requests forwarding. Fo... |
| V-275623 | | Ubuntu OS SSH daemon must prevent remote hosts from connecting to the proxy display. | When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen o... |
| V-275624 | | Ubuntu OS must configure the SSH daemon to use FIPS 140-2/140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is ac... |
| V-275628 | | Ubuntu OS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures. | A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but do... |
| V-275629 | | Ubuntu OS must initiate a graphical session lock after 15 minutes of inactivity. | A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but do... |
| V-275630 | | Ubuntu OS must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface is installed. | A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case o... |
| V-275631 | | Ubuntu OS must disable automatic mounting of Universal Serial Bus (USB) mass storage driver. | Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, bu... |
| V-275633 | | Ubuntu OS must prevent direct login into the root account. | To ensure individual accountability and prevent unauthorized access, organizational users must be individually identified and authenticated. A gr... |
| V-275634 | | Ubuntu OS must uniquely identify interactive users. | To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and... |
| V-275642 | | Ubuntu OS must allow users to directly initiate a session lock for all connection types. | A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but do... |
| V-275643 | | Ubuntu OS must automatically exit interactive command shell user sessions after five minutes of inactivity. | Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to ... |
| V-275645 | | Ubuntu OS must have the "apparmor" package installed. | Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may provide a capability that r... |
| V-275646 | | Ubuntu OS must be configured to use AppArmor. | Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may provide a capability that r... |
| V-275647 | | Ubuntu OS must require users to reauthenticate for privilege escalation or when changing roles. | Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide t... |
| V-275649 | | Ubuntu OS must enforce password complexity by requiring at least one uppercase character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-275650 | | Ubuntu OS must enforce password complexity by requiring at least one lowercase character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-275651 | | Ubuntu OS must enforce password complexity by requiring at least one numeric character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-275652 | | Ubuntu OS must enforce password complexity by requiring at least one special character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure o... |
| V-275653 | | Ubuntu OS must prevent the use of dictionary words for passwords. | If Ubuntu OS allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the o... |
| V-275654 | | Ubuntu OS must enforce a minimum 15-character password length. | The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password compl... |
| V-275655 | | Ubuntu OS must require the change of at least eight characters when passwords are changed. | If the operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by i... |
| V-275656 | | Ubuntu OS must be configured so that when passwords are changed or new passwords are established, pwquality must be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-275658 | | Ubuntu OS must not allow accounts configured with blank or null passwords. | If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords must neve... |
| V-275659 | | Ubuntu OS must not have accounts configured with blank or null passwords. | If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords must neve... |
| V-275660 | | Ubuntu OS must encrypt all stored passwords with a FIPS 140-2/140-3-approved cryptographic hashing algorithm. | Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can ... |
| V-275668 | | Ubuntu OS must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day. | If cached authentication information is out-of-date, the validity of the authentication information may be questionable.... |
| V-275669 | | Ubuntu OS must use a file integrity tool to verify correct operation of all security functions. | Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is de... |
| V-275670 | | Ubuntu OS must configure AIDE to perform file integrity checking on the file system. | Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is de... |
| V-275671 | | Ubuntu OS must notify designated personnel if baseline configurations are changed in an unauthorized manner. | Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating s... |
| V-275672 | | Ubuntu OS must be configured so that the script that runs each 30 days or less to check file integrity is the default. | Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is de... |
| V-275675 | | Ubuntu OS must be configured to preserve log records from failure events. | Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure s... |
| V-275676 | | Ubuntu OS must monitor remote access methods. | Remote access services, such as those providing remote access to network devices and information systems, which lack automated monitoring capabilities... |
| V-275677 | | Ubuntu OS must have the "auditd" package installed. | Without establishing the when, where, type, source, and outcome of events that occurred, it would be difficult to establish, correlate, and investigat... |
| V-275678 | | Ubuntu OS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time. | Without establishing the when, where, type, source, and outcome of events that occurred, it would be difficult to establish, correlate, and investigat... |
| V-275679 | | Ubuntu OS audit event multiplexor must be configured to off-load audit logs onto a different system from the system being audited. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in informati... |
| V-275680 | | Ubuntu OS must alert the information system security officer (ISSO) and system administrator (SA) in the event of an audit processing failure. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notificatio... |
| V-275683 | | Ubuntu OS must be configured so that audit log files are not read- or write-accessible by unauthorized users. | Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit info... |
| V-275684 | | Ubuntu OS must be configured to permit only authorized users ownership of the audit log files. | Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit info... |
| V-275685 | | Ubuntu OS must permit only authorized groups ownership of the audit log files. | Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit info... |
| V-275686 | | Ubuntu OS must be configured so that the audit log directory is not write-accessible by unauthorized users. | If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is i... |
| V-275687 | | Ubuntu OS must permit only authorized accounts to own the audit configuration files. | Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the ... |
| V-275688 | | Ubuntu OS must permit only authorized groups to own the audit configuration files. | Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the ... |
| V-275689 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the apparmor_parser command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275690 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the chacl command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275691 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the chage command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275692 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the chcon command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275693 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the chfn command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275694 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the chsh command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275695 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the crontab command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275696 | | Ubuntu OS must generate audit records for successful/unsuccessful attempts to use the fdisk command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275697 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the gpasswd command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275698 | | Ubuntu OS must generate audit records for successful/unsuccessful attempts to use the kmod command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275699 | | Ubuntu OS must generate audit records for successful/unsuccessful attempts to use modprobe command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275700 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the mount command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275701 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the newgrp command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275702 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275703 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the passwd command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275704 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the setfacl command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275705 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the ssh-agent command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275706 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the ssh-keysign command. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-275707 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the su command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275708 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the sudo command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275709 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the sudoedit command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275710 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the umount command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275711 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the unix_update command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275712 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the usermod command. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275713 | | Ubuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomp... |
| V-275714 | | Ubuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomp... |
| V-275715 | | Ubuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomp... |
| V-275716 | | Ubuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomp... |
| V-275717 | | Ubuntu OS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomp... |
| V-275718 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275719 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275720 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275721 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the delete_module system call. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275722 | | Ubuntu OS must generate audit records for successful/unsuccessful uses of the init_module and finit_module system calls. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275723 | | Ubuntu OS must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275724 | | Ubuntu OS must generate audit records for any successful/unsuccessful use of unlink, unlinkat, rename, renameat, and rmdir system calls. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275725 | | Ubuntu OS must generate audit records for all events that affect the systemd journal files. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomp... |
| V-275726 | | Ubuntu OS must generate audit records for the /var/log/btmp file. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275727 | | Ubuntu OS must generate audit records for the /var/log/wtmp file. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275728 | | Ubuntu OS must generate audit records for the /var/run/utmp file. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275729 | | Ubuntu OS must generate audit records for the use and modification of the faillog file. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275730 | | Ubuntu OS must generate audit records for the use and modification of the lastlog file. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275731 | | Ubuntu OS must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers file occur. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275732 | | Ubuntu OS must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers.d directory occur. | Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and in... |
| V-275733 | | Ubuntu OS must prevent all software from executing at higher privilege levels than users executing the software, and the audit system must be configured to audit the execution of privileged functions. | In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileg... |
| V-275734 | | Ubuntu OS must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions, and other system-level access. | If events associated with nonlocal administrative access or diagnostic sessions are not logged, a major tool for assessing and investigating attacks w... |
| V-275615 | | Ubuntu OS must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC). | If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps gene... |
| V-275640 | | Ubuntu OS must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.... |
| V-275674 | | Ubuntu OS must have a crontab script running weekly to off-load audit events of standalone systems. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in informati... |
| V-275682 | | Ubuntu OS must immediately notify the system administrator (SA) and information system security officer (ISSO) when the audit record storage volume reaches 25 percent remaining of the allocated capacity. | If security personnel are not notified immediately when storage volume reaches 25 percent remaining of the allocated capacity, they are unable to plan... |