Commit f54fe33

Add rules to Ubuntu 22.04 STIG to align with V2R7
- UBTU-22-211000: Ubuntu 22.04 LTS must be a vendor-supported release.
- UBTU-22-254010: Ubuntu 22.04 LTS must have the "SSSD" package installed.
- UBTU-22-254015: Ubuntu 22.04 LTS must use the "SSSD" package for multifactor authentication services.
- UBTU-22-254020: Ubuntu 22.04 LTS must ensure SSSD performs certificate path validation, including revocation checking, against a trusted anchor for PKI-based authentication.
- UBTU-22-254030: Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication.
- UBTU-22-654224: The operating system must restrict privilege elevation to authorized personnel.
1 parent 399dd07 commit f54fe33

2 files changed

Lines changed: 53 additions & 0 deletions

controls/stig_ubuntu2204.yml

Lines changed: 52 additions & 0 deletions
@@ -14,6 +14,14 @@ reference_type: stigid
1414
product: ubuntu2204
1515

1616
controls:
17+
- id: UBTU-22-211000
18+
title: Ubuntu 22.04 LTS must be a vendor-supported release.
19+
levels:
20+
- high
21+
rules:
22+
- installed_OS_is_vendor_supported
23+
status: automated
24+
1725
- id: UBTU-22-211015
1826
title: Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence.
1927
levels:
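Review bot: `status: automated` on UBTU-22-211000 (new lines 17-23) rests on `installed_OS_is_vendor_supported` alone, and the OVAL side of this commit only adds an "Installed OS is Ubuntu 22.04" `extend_definition`, so as far as the visible lines show the check identifies the release rather than confirming it is still inside the vendor's support window. Since this is the only `high` control added here, consider a `notes:` entry stating what the automated check covers, so a passing scan is not read as proof of current vendor support.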
@@ -474,6 +482,42 @@ controls:
474482
- sysctl_net_ipv4_tcp_syncookies
475483
status: automated
476484

485+
- id: UBTU-22-254010
486+
title: Ubuntu 22.04 LTS must have the "SSSD" package installed.
487+
levels:
488+
- medium
489+
rules:
490+
- package_nss_sss_installed
491+
- package_pam_sss_installed
492+
- package_sssd_installed
493+
status: automated
494+
495+
- id: UBTU-22-254015
496+
title: Ubuntu 22.04 LTS must use the "SSSD" package for multifactor authentication services.
497+
levels:
498+
- medium
499+
rules:
500+
- service_sssd_enabled
501+
status: automated
502+
503+
- id: UBTU-22-254020
504+
title: Ubuntu 22.04 LTS must ensure SSSD performs certificate path validation, including revocation checking, against a trusted anchor for PKI-based authentication.
505+
levels:
506+
- medium
507+
rules:
508+
- sssd_enable_pam_services
509+
- sssd_enable_smartcards
510+
- sssd_certification_path_trust_anchor
511+
status: automated
512+
513+
- id: UBTU-22-254030
514+
title: Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication.
515+
levels:
516+
- medium
517+
rules:
518+
- sssd_enable_user_cert
519+
status: automated
520+
477521
- id: UBTU-22-255010
478522
title: Ubuntu 22.04 LTS must have SSH installed.
479523
levels:
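Review bot: UBTU-22-254020 (new lines 503-511) is titled as requiring certificate path validation "including revocation checking", but the three mapped rules are `sssd_enable_pam_services`, `sssd_enable_smartcards` and `sssd_certification_path_trust_anchor`, and none of them by name covers revocation. Either map a rule that verifies revocation checking is enabled in SSSD, or change `status: automated` to a partial status with a note describing the gap. The same question applies to UBTU-22-254015, where "must use SSSD for multifactor authentication services" is mapped only to `service_sssd_enabled`; a short note on why a running service is sufficient evidence would help the next reviewer.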
@@ -1602,6 +1646,14 @@ controls:
16021646
- audit_rules_sudoers
16031647
status: automated
16041648

1649+
- id: UBTU-22-654224
1650+
title: The operating system must restrict privilege elevation to authorized personnel.
1651+
levels:
1652+
- medium
1653+
rules:
1654+
- sudo_restrict_privilege_elevation_to_authorized
1655+
status: automated
1656+
16051657
- id: UBTU-22-654225
16061658
title: Ubuntu 22.04 LTS must generate audit records when successful/unsuccessful attempts to modify
16071659
the /etc/sudoers.d directory occur.
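Review bot: `status: automated` on UBTU-22-654224 (new lines 1649-1655) needs a `notes:` entry, because who counts as "authorized personnel" is a site-specific decision and the single rule `sudo_restrict_privilege_elevation_to_authorized` can only check the sudoers configuration against a fixed pattern. Document what the rule does and does not verify so assessors know a manual review of sudoers entries is still expected. Also confirm the title wording against the V2R7 text: every other control in this commit starts with "Ubuntu 22.04 LTS must", while this one starts with "The operating system must".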

linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml

Lines changed: 1 addition & 0 deletions
@@ -16,6 +16,7 @@
1616
<extend_definition comment="Installed OS is SLE16" definition_ref="installed_OS_is_sle16" />
1717
<extend_definition comment="Installed OS is SLE Micro 5" definition_ref="installed_OS_is_slmicro5" />
1818
<extend_definition comment="Installed OS is SLE Micro 6" definition_ref="installed_OS_is_slmicro6" />
19+
<extend_definition comment="Installed OS is Ubuntu 22.04" definition_ref="installed_OS_is_ubuntu2204" />
1920
<extend_definition comment="Installed OS is Ubuntu 24.04" definition_ref="installed_OS_is_ubuntu2404" />
2021
</criteria>
2122
</definition>
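Review bot: the new `extend_definition` at line 19 references `installed_OS_is_ubuntu2204`, but the definition itself is not among the two files this commit changes, so please confirm it already exists in the shared applicability checks; an unresolved `definition_ref` would break the OVAL for every product that builds this rule. It would also help to say in the commit message that this one-line change is what makes UBTU-22-211000 pass on Ubuntu 22.04, since the message currently lists only the STIG IDs.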
