This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]
Vuln | Rule | Version | CCI | Severity | Title | Description

Rule: SV-219147r508662_rule | Version: UBTU-18-010000 | CCI: CCI-000213 | Severity: HIGH
Ubuntu operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
Access control policies include: identity-based policies, role-based policies, and attribute-based policies. Access enforcement mechanisms include: access control lists, access control matrices, and cryptography. These policies and mechanisms must be employed by the application to control access between users (or processes acting on behalf of users) and objects (e.g., devices, files, records, processes, programs, and domains) in the information system.

Rule: SV-219148r508662_rule | Version: UBTU-18-010001 | CCI: CCI-000213 | Severity: HIGH
Ubuntu operating systems booted with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user and maintenance modes.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
Access control policies include: identity-based policies, role-based policies, and attribute-based policies. Access enforcement mechanisms include: access control lists, access control matrices, and cryptography. These policies and mechanisms must be employed by the application to control access between users (or processes acting on behalf of users) and objects (e.g., devices, files, records, processes, programs, and domains) in the information system.

Rule: SV-219149r508662_rule | Version: UBTU-18-010002 | CCI: CCI-001464 | Severity: MEDIUM
The Ubuntu operating system must initiate session audits at system startup.
If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.

Rule: SV-219151r508662_rule | Version: UBTU-18-010005 | CCI: CCI-002450 | Severity: HIGH
The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
Satisfies: SRG-OS-000478-GPOS-00223, SRG-OS-000396-GPOS-00176

Rule: SV-219157r508662_rule | Version: UBTU-18-010018 | CCI: CCI-000381 | Severity: HIGH
The Ubuntu operating system must not have the Network Information Service (NIS) package installed.
Removing the Network Information Service (NIS) package decreases the risk of the accidental (or intentional) activation of NIS or NIS+ services.

Rule: SV-219158r508662_rule | Version: UBTU-18-010019 | CCI: CCI-000381 | Severity: HIGH
The Ubuntu operating system must not have the rsh-server package installed.
It is detrimental for Ubuntu operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
Ubuntu operating systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions).
The rsh-server service provides an unencrypted remote access service that does not provide for the confidentiality and integrity of user passwords or the remote session and has very weak authentication.
If a privileged user were to log on using this service, the privileged user password could be compromised.

Rule: SV-219161r508662_rule | Version: UBTU-18-010023 | CCI: CCI-002314 | Severity: MEDIUM
The Ubuntu operating system must have an application firewall installed in order to control remote access methods.
Remote access services, such as those providing remote access to network devices and information systems, that lack automated control capabilities increase risk and make remote user access management difficult at best.
Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.
Ubuntu operating system functionality (e.g., RDP) must be capable of taking enforcement action if the audit reveals unauthorized activity. Automated control of remote access sessions allows organizations to ensure ongoing compliance with remote access policies by enforcing connection rules of remote access applications on a variety of information system components (e.g., servers, workstations, notebook computers, smartphones, and tablets).

Rule: SV-219164r508662_rule | Version: UBTU-18-010031 | CCI: CCI-000366 | Severity: LOW
The Ubuntu operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.

Rule: SV-219165r508662_rule | Version: UBTU-18-010032 | CCI: CCI-000366 | Severity: LOW
The Ubuntu operating system must display the date and time of the last successful account logon upon logon.
Configuring the Ubuntu operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.
Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture and/or functionality of the system. Security-related parameters are those parameters impacting the security state of the system, including the parameters required to satisfy other security control requirements. Security-related parameters include, for example: registry settings; account, file, directory permission settings; and settings for functions, ports, protocols, services, and remote connections.

Rule: SV-219166r508662_rule | Version: UBTU-18-010033 | CCI: CCI-000044 | Severity: MEDIUM
The Ubuntu operating system must be configured so that three consecutive invalid logon attempts by a user automatically lock the account until it is released by an administrator.
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
Satisfies: SRG-OS-000329-GPOS-00128

Rule: SV-219172r508662_rule | Version: UBTU-18-010100 | CCI: CCI-000192 | Severity: LOW
The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.

Rule: SV-219173r508662_rule | Version: UBTU-18-010101 | CCI: CCI-000193 | Severity: LOW
The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.

Rule: SV-219174r508662_rule | Version: UBTU-18-010102 | CCI: CCI-000194 | Severity: LOW
The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.

Rule: SV-219175r508662_rule | Version: UBTU-18-010103 | CCI: CCI-000195 | Severity: LOW
The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.
If the Ubuntu operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at guessing and brute-force attacks.
The number of changed characters refers to the number of changes required with respect to the total number of positions in the current password. In other words, characters may be the same within the two passwords; however, the positions of the like characters must be different.
If the password length is an odd number, then the required number of changed characters (half the password length) must be rounded up. For example, a password length of 15 characters must require the change of at least 8 characters.

Rule: SV-219176r508662_rule | Version: UBTU-18-010104 | CCI: CCI-000196 | Severity: MEDIUM
The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

Rule: SV-219177r508662_rule | Version: UBTU-18-010105 | CCI: CCI-000197 | Severity: HIGH
The Ubuntu operating system must not have the telnet package installed.
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

Rule: SV-219178r508662_rule | Version: UBTU-18-010106 | CCI: CCI-000198 | Severity: LOW
The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.

Rule: SV-219179r508662_rule | Version: UBTU-18-010107 | CCI: CCI-000199 | Severity: LOW
The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the operating system passwords could be compromised.

Rule: SV-219181r508662_rule | Version: UBTU-18-010109 | CCI: CCI-000205 | Severity: MEDIUM
The Ubuntu operating system must enforce a minimum 15-character password length.
The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password.

Rule: SV-219184r508662_rule | Version: UBTU-18-010113 | CCI: CCI-000366 | Severity: MEDIUM
The Ubuntu operating system must prevent the use of dictionary words for passwords.
If the Ubuntu operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.

Rule: SV-219185r508662_rule | Version: UBTU-18-010114 | CCI: CCI-002038 | Severity: MEDIUM
The Ubuntu operating system must require users to re-authenticate for privilege escalation and changing roles.
Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
When the Ubuntu operating system provides the capability to escalate a functional capability or change security roles, it is critical the user re-authenticate.
Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157

Rule: SV-219188r508662_rule | Version: UBTU-18-010121 | CCI: CCI-001312 | Severity: MEDIUM
The Ubuntu operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
Any operating system that provides too much information in error messages risks compromising its data and security, so the structure and content of error messages need to be carefully considered by the organization.
Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information, such as account numbers, social security numbers, and credit card numbers.

Rule: SV-219189r508662_rule | Version: UBTU-18-010122 | CCI: CCI-001314 | Severity: MEDIUM
The Ubuntu operating system must configure the /var/log directory to be group-owned by syslog.
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.

Rule: SV-219190r508662_rule | Version: UBTU-18-010123 | CCI: CCI-001314 | Severity: MEDIUM
The Ubuntu operating system must configure the /var/log directory to be owned by root.
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.

Rule: SV-219191r508662_rule | Version: UBTU-18-010124 | CCI: CCI-001314 | Severity: MEDIUM
The Ubuntu operating system must configure the /var/log directory to have mode 0750 or less permissive.
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.

Rule: SV-219194r508662_rule | Version: UBTU-18-010127 | CCI: CCI-001314 | Severity: MEDIUM
The Ubuntu operating system must configure /var/log/syslog file with mode 0640 or less permissive.
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.

Rule: SV-219195r508662_rule | Version: UBTU-18-010128 | CCI: CCI-001494 | Severity: MEDIUM
The Ubuntu operating system must configure audit tools with a mode of 0755 or less permissive.
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
Where the Ubuntu operating system provides tools to interface with audit information, it uses user permissions and roles, identifying the user accessing the tools and the rights that user holds, to make access decisions regarding the audit tools.
Audit tools include, but are not limited to, vendor-provided and open source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators.
Satisfies: SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099

Rule: SV-219196r508662_rule | Version: UBTU-18-010129 | CCI: CCI-001493 | Severity: MEDIUM
The Ubuntu operating system must configure audit tools to be owned by root.
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
Where the Ubuntu operating system provides tools to interface with audit information, it uses user permissions and roles, identifying the user accessing the tools and the rights that user holds, to make access decisions regarding the audit tools.
Audit tools include, but are not limited to, vendor-provided and open source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators.

Rule: SV-219197r508662_rule | Version: UBTU-18-010130 | CCI: CCI-001493 | Severity: MEDIUM
The Ubuntu operating system must configure the audit tools to be group-owned by root.
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
Where the Ubuntu operating system provides tools to interface with audit information, it uses user permissions and roles, identifying the user accessing the tools and the rights that user holds, to make access decisions regarding the audit tools.
Audit tools include, but are not limited to, vendor-provided and open source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators.

Rule: SV-219199r508662_rule | Version: UBTU-18-010134 | CCI: CCI-001499 | Severity: MEDIUM
The Ubuntu operating system library directories must have mode 0755 or less permissive.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to Ubuntu operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.

Rule: SV-219201r508662_rule | Version: UBTU-18-010136 | CCI: CCI-001499 | Severity: MEDIUM
The Ubuntu operating system library directories must be owned by root.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to Ubuntu operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.

Rule: SV-219203r508662_rule | Version: UBTU-18-010138 | CCI: CCI-001499 | Severity: MEDIUM
The Ubuntu operating system library directories must be group-owned by root.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to Ubuntu operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.

Rule: SV-219204r508662_rule | Version: UBTU-18-010139 | CCI: CCI-001499 | Severity: MEDIUM
The Ubuntu operating system must have system commands set to a mode of 0755 or less permissive.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to Ubuntu operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.

Rule: SV-219205r508662_rule | Version: UBTU-18-010140 | CCI: CCI-001499 | Severity: MEDIUM
The Ubuntu operating system must have directories that contain system commands set to a mode of 0755 or less permissive.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to Ubuntu operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.

Rule: SV-219206r508662_rule | Version: UBTU-18-010141 | CCI: CCI-001499 | Severity: MEDIUM
The Ubuntu operating system must have system commands owned by root.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to Ubuntu operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.

Rule: SV-219207r508662_rule | Version: UBTU-18-010142 | CCI: CCI-001499 | Severity: MEDIUM
The Ubuntu operating system must have directories that contain system commands owned by root.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to Ubuntu operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.

Rule: SV-219208r508662_rule | Version: UBTU-18-010143 | CCI: CCI-001499 | Severity: MEDIUM
The Ubuntu operating system must have system commands group-owned by root.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to Ubuntu operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.

Rule: SV-219209r508662_rule | Version: UBTU-18-010144 | CCI: CCI-001499 | Severity: MEDIUM
The Ubuntu operating system must have directories that contain system commands group-owned by root.
If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to Ubuntu operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.

Rule: SV-219210r508662_rule | Version: UBTU-18-010145 | CCI: CCI-001619 | Severity: LOW
The Ubuntu operating system must enforce password complexity by requiring that at least one special character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Password complexity is one factor in determining how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
Special characters are those characters that are not alphanumeric. Examples include: ~ ! @ # $ % ^ *.

Rule: SV-219213r508662_rule | Version: UBTU-18-010201 | CCI: CCI-000172 | Severity: MEDIUM
The Ubuntu operating system must generate audit records for the use and modification of the tallylog file.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000470-GPOS-00214, SRG-OS-000473-GPOS-00218

Rule: SV-219214r508662_rule | Version: UBTU-18-010202 | CCI: CCI-000172 | Severity: MEDIUM
The Ubuntu operating system must generate audit records for the use and modification of the faillog file.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000470-GPOS-00214, SRG-OS-000473-GPOS-00218

Rule: SV-219215r508662_rule | Version: UBTU-18-010203 | CCI: CCI-000172 | Severity: MEDIUM
The Ubuntu operating system must generate audit records for the use and modification of the lastlog file.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000470-GPOS-00214, SRG-OS-000473-GPOS-00218
SV-219220r508662_rule
UBTU-18-010244
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000476-GPOS-00221, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000458-GPOS-00203, SRG-OS-000463-GPOS-00207, SRG-OS-000004-GPOS-00004
SV-219221r508662_rule
UBTU-18-010245
CCI-002130
MEDIUM
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000476-GPOS-00221, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000458-GPOS-00203, SRG-OS-000463-GPOS-00207
SV-219222r508662_rule
UBTU-18-010246
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000476-GPOS-00221, SRG-OS-000463-GPOS-00207, SRG-OS-000458-GPOS-00203, SRG-OS-000303-GPOS-00120, SRG-OS-000241-GPOS-00091, SRG-OS-000240-GPOS-00090, SRG-OS-000239-GPOS-00089
SV-219223r508662_rule
UBTU-18-010247
CCI-002130
MEDIUM
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000476-GPOS-00221, SRG-OS-000463-GPOS-00207, SRG-OS-000458-GPOS-00203, SRG-OS-000303-GPOS-00120, SRG-OS-000241-GPOS-00091, SRG-OS-000240-GPOS-00090, SRG-OS-000239-GPOS-00089
SV-219224r508662_rule
UBTU-18-010248
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000476-GPOS-00221, SRG-OS-000463-GPOS-00207, SRG-OS-000458-GPOS-00203, SRG-OS-000303-GPOS-00120, SRG-OS-000241-GPOS-00091, SRG-OS-000240-GPOS-00090, SRG-OS-000239-GPOS-00089
SV-219225r508662_rule
UBTU-18-010250
CCI-001814
MEDIUM
The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.
Without establishing the when, where, type, source, and outcome of events that occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit record content that may be necessary to satisfy this requirement includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked.
Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a proficient manner. If the operating system does not provide the ability to centrally review the operating system logs, forensic analysis is negatively impacted.
Associating event types with detected events in the Ubuntu operating system audit logs provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured operating system.
Satisfies: SRG-OS-000038-GPOS-00016, SRG-OS-000039-GPOS-00017, SRG-OS-000040-GPOS-00018, SRG-OS-000041-GPOS-00019, SRG-OS-000042-GPOS-00020, SRG-OS-000042-GPOS-00021, SRG-OS-000051-GPOS-00024, SRG-OS-000054-GPOS-00025, SRG-OS-000062-GPOS-00031, SRG-OS-000122-GPOS-00063, SRG-OS-000337-GPOS-00129, SRG-OS-000348-GPOS-00136, SRG-OS-000349-GPOS-00137, SRG-OS-000350-GPOS-00138, SRG-OS-000351-GPOS-00139, SRG-OS-000352-GPOS-00140, SRG-OS-000365-GPOS-00152, SRG-OS-000392-GPOS-00172, SRG-OS-000475-GPOS-00220
SV-219238r508662_rule
UBTU-18-010315
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219239r508662_rule
UBTU-18-010316
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219240r508662_rule
UBTU-18-010317
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219241r508662_rule
UBTU-18-010318
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219242r508662_rule
UBTU-18-010319
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219243r508662_rule
UBTU-18-010320
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219244r508662_rule
UBTU-18-010321
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for any usage of the setxattr system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219248r508662_rule
UBTU-18-010325
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for any usage of the lremovexattr system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219249r508662_rule
UBTU-18-010326
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for any usage of the fremovexattr system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206, SRG-OS-000466-GPOS-00210
SV-219250r508662_rule
UBTU-18-010327
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206
SV-219251r508662_rule
UBTU-18-010328
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchown system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206
SV-219252r508662_rule
UBTU-18-010329
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchownat system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219253r508662_rule
UBTU-18-010330
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the lchown system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206
SV-219254r508662_rule
UBTU-18-010331
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206
SV-219255r508662_rule
UBTU-18-010332
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchmod system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206
SV-219256r508662_rule
UBTU-18-010333
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchmodat system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206
SV-219257r508662_rule
UBTU-18-010334
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000474-GPOS-00219
SV-219261r508662_rule
UBTU-18-010338
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the openat system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000474-GPOS-00219
SV-219262r508662_rule
UBTU-18-010339
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open_by_handle_at system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000474-GPOS-00219
SV-219263r508662_rule
UBTU-18-010340
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219264r508662_rule
UBTU-18-010341
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219265r508662_rule
UBTU-18-010342
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219266r508662_rule
UBTU-18-010343
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219267r508662_rule
UBTU-18-010344
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219268r508662_rule
UBTU-18-010345
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219269r508662_rule
UBTU-18-010346
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219270r508662_rule
UBTU-18-010347
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219271r508662_rule
UBTU-18-010348
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the passwd command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219272r508662_rule
UBTU-18-010349
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219273r508662_rule
UBTU-18-010350
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219274r508662_rule
UBTU-18-010351
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219275r508662_rule
UBTU-18-010352
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the usermod command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219276r508662_rule
UBTU-18-010353
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the crontab command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219277r508662_rule
UBTU-18-010354
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219278r508662_rule
UBTU-18-010355
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the init_module syscall.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219279r508662_rule
UBTU-18-010356
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the finit_module syscall.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219280r508662_rule
UBTU-18-010357
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the delete_module syscall.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219281r508662_rule
UBTU-18-010358
CCI-002233
MEDIUM
The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.
In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by the organization.
Some programs and processes are required to operate at a higher privilege level and therefore should be excluded from the organization-defined software list after review.
Satisfies: SRG-OS-000326-GPOS-00126, SRG-OS-000327-GPOS-00127
SV-219283r508662_rule
UBTU-18-010367
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful attempts to use the lsetxattr system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219284r508662_rule
UBTU-18-010368
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful attempts to use the fsetxattr system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219285r508662_rule
UBTU-18-010369
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful attempts to use the removexattr system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000462-GPOS-00206, SRG-OS-000466-GPOS-00210
SV-219287r508662_rule
UBTU-18-010375
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unlink system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219288r508662_rule
UBTU-18-010376
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unlinkat system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219289r508662_rule
UBTU-18-010377
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the rename system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219290r508662_rule
UBTU-18-010378
CCI-000172
MEDIUM
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the renameat system call.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
SV-219304r508662_rule
UBTU-18-010403
CCI-000058
MEDIUM
The Ubuntu operating system must be configured for users to directly initiate a session lock for all connection types.
A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
The session lock is implemented at the point where session activity can be determined. Rather than being forced to wait for a period of time to expire before the user session can be locked, the Ubuntu operating system needs to provide users with the ability to manually invoke a session lock so users may secure their session should the need arise for them to temporarily vacate the immediate physical vicinity.
Satisfies: SRG-OS-000030-GPOS-00011, SRG-OS-000031-GPOS-00012
SV-219307r508662_rule
UBTU-18-010411
CCI-000068
MEDIUM
The Ubuntu operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions.
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.
Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., RDP), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information.
SV-219308r508662_rule
UBTU-18-010412
CCI-001941
HIGH
The Ubuntu operating system must enforce SSHv2 for network access to all accounts.
A replay attack may enable an unauthorized user to gain access to the operating system. Authentication sessions between the authenticator and the operating system validating the user credentials must not be vulnerable to a replay attack.
An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
A privileged account is any information system account with authorizations of a privileged user.
Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS-Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.
Satisfies: SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058
SV-219312r508662_rule
UBTU-18-010417
CCI-001453
HIGH
The Ubuntu operating system must configure the SSH daemon to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms to protect the integrity of nonlocal maintenance and diagnostic communications.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection.
Remote access (e.g., RDP) is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.
Cryptographic mechanisms used for protecting the integrity of information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash.
Satisfies: SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174
SV-219313r508662_rule
UBTU-18-010420
CCI-002418
HIGH
The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).
Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered.
This requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification.
Protecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, then logical means (cryptography) do not have to be employed, and vice versa.
Alternative physical protection measures include PDS. PDSs are used to transmit unencrypted classified National Security Information (NSI) through an area of lesser classification or control. Since the classified NSI is unencrypted, the PDS must provide adequate electrical, electromagnetic, and physical safeguards to deter exploitation.
Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190
SV-219315r508662_rule
UBTU-18-010425
CCI-001991
MEDIUM
The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
Without path validation, an informed trust decision by the relying party cannot be made when presented with any certificate not already explicitly trusted.
A trust anchor is an authoritative entity represented via a public key and associated data. It is used in the context of public key infrastructures, X.509 digital certificates, and DNSSEC.
When there is a chain of trust, usually the top entity to be trusted becomes the trust anchor; it can be, for example, a Certification Authority (CA). A certification path starts with the subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by a trusted CA.
This requirement verifies that a certification path to an accepted trust anchor is used for certificate validation and that the path includes status information. Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate not already explicitly trusted. Status information for certification paths includes certificate revocation lists or online certificate status protocol responses. Validation of the certificate status information is out of scope for this requirement.
Satisfies: SRG-OS-000066-GPOS-00034, SRG-OS-000384-GPOS-00167
SV-219316r508662_rule
UBTU-18-010426
CCI-000187
HIGH
The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.
Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.
SV-219318r508662_rule
UBTU-18-010431
CCI-001948
MEDIUM
The Ubuntu operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.
Using an authentication device, such as a CAC or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.
Multifactor solutions that require devices separate from information systems gaining access include, for example, hardware tokens providing time-based or challenge-response authenticators and smart cards such as the U.S. Government Personal Identity Verification card and the DoD Common Access Card.
A privileged account is defined as an information system account with authorizations of a privileged user.
Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.
This requirement only applies to components where this is specific to the function of the device or has the concept of an organizational user (e.g., VPN, proxy capability). This does not apply to authentication for the purpose of configuring the device itself (management).
Requires further clarification from NIST.
SV-219319r508662_rule
UBTU-18-010432
CCI-001953
MEDIUM
The Ubuntu operating system must accept Personal Identity Verification (PIV) credentials.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access.
DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, as well as making the CAC a primary component of layered protection for national security systems.
SV-219320r508662_rule
UBTU-18-010434
CCI-001954
MEDIUM
The Ubuntu operating system must implement certificate status checking for multifactor authentication.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access.
DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, as well as making the CAC a primary component of layered protection for national security systems.
SV-219328r508662_rule
UBTU-18-010448
CCI-000366
MEDIUM
The Ubuntu operating system default filesystem permissions must be defined in such a way that all authenticated users can only read and modify their own files.
Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access.
SV-219330r508662_rule
UBTU-18-010500
CCI-001095
MEDIUM
The Ubuntu operating system must be configured to use TCP syncookies.
DoS is a condition in which a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.
Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.
SV-219342r508662_rule
UBTU-18-010514
CCI-002824
MEDIUM
The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can either be hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
Examples of attacks are buffer overflow attacks.
SV-219343r508662_rule
UBTU-18-010515
CCI-002696
MEDIUM
The Ubuntu operating system must use a file integrity tool to verify correct operation of all security functions.
Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. A security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
This requirement applies to the Ubuntu operating system performing security function verification/testing and/or systems and environments that require this functionality.