Guide to the Secure Configuration of Ubuntu stemcell

with profile base-xenial

Evaluation Characteristics

Tile version 1.2.32
Deployment name p-compliance-scanner-5802123a3c58ba81f0fe
Evaluation targetoscap_store/f3e5ebe1-4ade-4be1-bf58-bcb83c974198 xenial-315.181
Benchmark URL/var/vcap/data/oscap/benchmarks/Base-Xenial.xml
Benchmark IDxccdf_org.pci.content_benchmark_ubuntu_stemcell
Profile IDxccdf_org.pci.base-xenial_profile_genx
Started at2020-05-05T17:46:07
Finished at2020-05-05T17:46:43
Performed by Compliance Scanner for VMware Tanzu

CPE Platforms

  • cpe:/o:canonical:ubuntu_linux:0.0

Addresses

  • IPv4  127.0.0.1
  • IPv4  169.254.0.2
  • IPv4  10.0.4.28
  • MAC  00:00:00:00:00:00
  • MAC  42:01:0A:00:04:1C

Compliance and Scoring

The target system did not satisfy the conditions of 2 rules! Please review rule results and consider applying remediation.

Rule results

156 passed
2 failed
1 other

Severity of failed rules

0 other
1 low
1 medium
0 high

Score

Scoring systemScoreMaximumPercent
urn:xccdf:scoring:default98.684212100.000000
98.68%

Rule Overview

Group rules by:
TitleSeverityResult
Guide to the Secure Configuration of Ubuntu stemcell 2x fail 1x notchecked
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must be a vendor supported release.high
pass
SRG-OS-000023-GPOS-00006 1x notchecked
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.medium
notchecked
SRG-OS-000023-GPOS-00006 1x fail
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.medium
fail
SRG-OS-000069-GPOS-00037
The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.medium
pass
SRG-OS-000070-GPOS-00038
The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.medium
pass
SRG-OS-000071-GPOS-00039
The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.medium
pass
SRG-OS-000266-GPOS-00101
All passwords must contain at least one special character.medium
pass
SRG-OS-000073-GPOS-00041
The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.medium
pass
SRG-OS-000073-GPOS-00041
The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.medium
pass
SRG-OS-000120-GPOS-00061
The pam_unix.so module must use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.medium
pass
SRG-OS-000123-GPOS-00064
Emergency administrator accounts must never be automatically removed or disabled.medium
pass
Emergency administrator accounts must never be automatically removed or disabled.medium
pass
SRG-OS-000075-GPOS-00043
Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.medium
pass
SRG-OS-000076-GPOS-00044
Passwords for new users must have a 60-day maximum password lifetime restriction.medium
pass
SRG-OS-000077-GPOS-00045
Passwords must be prohibited from reuse for a minimum of five generations.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must not have accounts configured with blank or null passwords.high
pass
SRG-OS-000480-GPOS-00225
The passwd command must be configured to prevent the use of dictionary words as passwords.medium
pass
SRG-OS-000480-GPOS-00227 1x fail
The Ubuntu operating system must display the date and time of the last successful account logon upon logon.low
fail
SRG-OS-000480-GPOS-00227
There must be no .shosts files on the Ubuntu operating system.high
pass
SRG-OS-000480-GPOS-00227
There must be no shosts.equiv files on the Ubuntu operating system.high
pass
SRG-OS-000138-GPOS-00069
All public directories must be owned by root to prevent unauthorized and unintended information transferred via shared system resources.medium
pass
SRG-OS-000138-GPOS-00069
All world-writable directories must be group-owned by root, sys, bin, or an application group.medium
pass
SRG-OS-000366-GPOS-00153
Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.medium
pass
SRG-OS-000378-GPOS-00163
Automatic mounting of Universal Serial Bus (USB) mass storage driver must be disabled.medium
pass
SRG-OS-000114-GPOS-00059
File system automounter must be disabled unless required.medium
pass
SRG-OS-000312-GPOS-00122
Pam_Apparmor must be configured to allow system administrators to pass information to any other Ubuntu operating system administrator or user, change security attributes, and to confine all non-privileged users from executing functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.medium
pass
SRG-OS-000368-GPOS-00154
The Apparmor module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/foldersmedium
pass
SRG-OS-000480-GPOS-00227
The x86 Ctrl-Alt-Delete key sequence must be disabled.high
pass
SRG-OS-000104-GPOS-00051
Duplicate User IDs (UIDs) must not exist for interactive users.medium
pass
SRG-OS-000480-GPOS-00227
The root account must be the only account having unrestricted access to the system.high
pass
SRG-OS-000480-GPOS-00227
All files and directories must have a valid owner.medium
pass
SRG-OS-000480-GPOS-00227
All files and directories must have a valid group owner.medium
pass
SRG-OS-000480-GPOS-00227
All local interactive users must have a home directory assigned in the /etc/passwd file.medium
pass
SRG-OS-000480-GPOS-00227
All local interactive user home directories defined in the /etc/passwd file must exist.medium
pass
SRG-OS-000480-GPOS-00227
All local interactive user home directories must be group-owned by the home directory owners primary group.medium
pass
SRG-OS-000480-GPOS-00227
All local interactive user initialization files executable search paths must contain only paths that resolve to the system default or the users home directory.medium
pass
SRG-OS-000480-GPOS-00227
Local initialization files must not execute world-writable programs.medium
pass
SRG-OS-000480-GPOS-00227
File systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setguid bit set from being executed.medium
pass
SRG-OS-000480-GPOS-00227
File systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.medium
pass
SRG-OS-000480-GPOS-00227
All world-writable directories must be group-owned by root, sys, bin, or an application group.medium
pass
SRG-OS-000480-GPOS-00227
Kernel core dumps must be disabled unless needed.medium
pass
SRG-OS-000480-GPOS-00227
A separate file system must be used for user home directories (such as /home or an equivalent).medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must use a separate file system for the system audit data path.low
pass
SRG-OS-000206-GPOS-00084
The /var/log directory must be group-owned by syslog.medium
pass
SRG-OS-000206-GPOS-00084
The /var/log directory must be owned by root.medium
pass
SRG-OS-000206-GPOS-00084
The /var/log/syslog file must be owned by syslog.medium
pass
SRG-OS-000206-GPOS-00084
The /var/log/syslog directory must have mode 0640 or less permissive.medium
pass
SRG-OS-000259-GPOS-00100
Library files must have mode 0755 or less permissive.medium
pass
SRG-OS-000259-GPOS-00100
Library files must be owned by root.medium
pass
SRG-OS-000259-GPOS-00100
System commands must have mode 0755 or less permissive.medium
pass
SRG-OS-000259-GPOS-00100
System files must be owned by root.medium
pass
SRG-OS-000259-GPOS-00100
System files must be group-owned by root.medium
pass
SRG-OS-000037-GPOS-00015
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.medium
pass
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.medium
pass
SRG-OS-000480-GPOS-00227
The auditd service must be running in the Ubuntu operating system.medium
pass
SRG-OS-000343-GPOS-00134
The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.medium
pass
SRG-OS-000046-GPOS-00022
The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.medium
pass
SRG-OS-000047-GPOS-00023
The audit system must take appropriate action when the audit storage volume is full.medium
pass
SRG-OS-000057-GPOS-00027
Audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.medium
pass
SRG-OS-000057-GPOS-00027
Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access.medium
pass
SRG-OS-000057-GPOS-00027
Audit logs must be owned by root to prevent unauthorized read access.medium
pass
SRG-OS-000057-GPOS-00027
Audit logs must be group-owned by root to prevent unauthorized read access.medium
pass
SRG-OS-000057-GPOS-00027
Audit log directory must be owned by root to prevent unauthorized read access.medium
pass
SRG-OS-000057-GPOS-00027
Audit log directory must be group-owned by root to prevent unauthorized read access.medium
pass
SRG-OS-000063-GPOS-00032
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.medium
pass
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.medium
pass
SRG-OS-000206-GPOS-00084
The audit log files must be owned by root.medium
pass
SRG-OS-000206-GPOS-00084
The audit log files in the Ubuntu operating system must have mode 0640 or less permissive.medium
pass
SRG-OS-000256-GPOS-00097
Audit tools must have a mode of 0755 or less permissive.medium
pass
SRG-OS-000256-GPOS-00097
Audit tools must be owned by root.medium
pass
SRG-OS-000256-GPOS-00097
Audit tools must be group-owned by root.medium
pass
SRG-OS-000037-GPOS-00015
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.medium
pass
SRG-OS-000037-GPOS-00015
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.medium
pass
SRG-OS-000037-GPOS-00015
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.medium
pass
SRG-OS-000037-GPOS-00015
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.medium
pass
SRG-OS-000037-GPOS-00015
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.medium
pass
SRG-OS-000326-GPOS-00126
The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the su command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the chfn command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the mount command must generate an audit record.low
pass
SRG-OS-000042-GPOS-00020
Successful/unsuccessful uses of the umount command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the ssh-agent command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the ssh-keysign command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
The audit system must be configured to audit any usage of the insmod command.medium
pass
SRG-OS-000037-GPOS-00015
The audit system must be configured to audit any usage of the rmmod command.medium
pass
SRG-OS-000037-GPOS-00015
The audit system must be configured to audit any usage of the modprobe command.medium
pass
SRG-OS-000037-GPOS-00015
The audit system must be configured to audit any usage of the kmod command.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the chown command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the fchown command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the fchownat command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the lchown command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the chmod command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the fchmod command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the fchmodat command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the open command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the truncate command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the ftruncate command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the creat command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the openat command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the sudo command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the sudoedit command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the chsh command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the newgrp command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the chcon command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the apparmor_parser command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful modifications to the tallylog file must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful modifications to the faillog file must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful modifications to the lastlog file must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the passwd command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the unix_update command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the gpasswd command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the chage command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the usermod command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the crontab command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the pam_timestamp_check command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the init_module command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the finit_module command must generate an audit record.medium
pass
SRG-OS-000037-GPOS-00015
Successful/unsuccessful uses of the delete_module command must generate an audit record.medium
pass
SRG-OS-000074-GPOS-00042
The telnet package must not be installed.high
pass
SRG-OS-000095-GPOS-00049
The Network Information Service (NIS) package must not be installed.high
pass
SRG-OS-000095-GPOS-00049
The rsh-server package must not be installed.high
pass
SRG-OS-000138-GPOS-00069
A sticky bit must be set on all public directories to prevent unauthorized and unintended information transferred via shared system resources.medium
pass
SRG-OS-000356-GPOS-00144
The Ubuntu operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.medium
pass
SRG-OS-000359-GPOS-00146
The Ubuntu operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).medium
pass
SRG-OS-000433-GPOS-00192
The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.medium
pass
SRG-OS-000433-GPOS-00193
The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.medium
pass
SRG-OS-000112-GPOS-00057
The Ubuntu operating system must enforce SSHv2 for network access to all accounts.high
pass
SRG-OS-000023-GPOS-00006
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a SSH logon and the user must acknowledge the usage conditions and take explicit actions to log on for further access.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must not permit direct logons to the root account using remote access via SSH.medium
pass
SRG-OS-000480-GPOS-00229
Unattended or automatic login via SSH must not be allowed.high
pass
SRG-OS-000480-GPOS-00227
The system must display the date and time of the last successful account logon upon an SSH logon.medium
pass
SRG-OS-000480-GPOS-00227
The SSH public host key files must have mode 0644 or less permissive.medium
pass
SRG-OS-000480-GPOS-00227
The SSH private host key files must have mode 0600 or less permissive.medium
pass
SRG-OS-000480-GPOS-00227
The SSH daemon must perform strict mode checking of home directory configuration files.medium
pass
SRG-OS-000480-GPOS-00227
The SSH daemon must use privilege separation.medium
pass
SRG-OS-000423-GPOS-00187
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.high
pass
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.high
pass
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.high
pass
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.high
pass
SRG-OS-000032-GPOS-00013
All remote access methods must be monitored.medium
pass
SRG-OS-000480-GPOS-00227
Cron logging must be implemented.medium
pass
SRG-OS-000142-GPOS-00071
The Ubuntu operating system must be configured to use TCP syncookies.medium
pass
SRG-OS-000480-GPOS-00227
For Ubuntu operating systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured.low
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must not allow interfaces to perform Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects by default.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must not be performing packet forwarding unless the system is a router.medium
pass
SRG-OS-000480-GPOS-00227
Network interfaces must not be in promiscuous mode.medium
pass
SRG-OS-000480-GPOS-00227
The Ubuntu operating system must be configured to prevent unrestricted mail relaying.medium
pass
SRG-OS-000046-GPOS-00022
The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.medium
pass
SRG-OS-000480-GPOS-00227
A File Transfer Protocol (FTP) server package must not be installed unless needed.high
pass
SRG-OS-000480-GPOS-00227
The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for operational support.high
pass
SRG-OS-000480-GPOS-00227
If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.medium
pass
SRG-OS-000480-GPOS-00227
An X Windows display manager must not be installed unless approved.medium
pass

Result Details

The Ubuntu operating system must be a vendor supported release.xccdf_pcf.pci.SV-90069r1_rule_services highCCI-001230 CM-6 b

The Ubuntu operating system must be a vendor supported release.

Rule IDxccdf_pcf.pci.SV-90069r1_rule_services
Result
pass
Time2020-05-05T17:46:07
Severityhigh
Identifiers and References

Identifiers:  CCI-001230, CM-6 b

The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.xccdf_pcf.pci.SV-90073r2_rule_services mediumCCI-000048 CCI-001384 CCI-001385 CCI-001386 CCI-001387 CCI-001388 AC-8 a

The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.

Rule IDxccdf_pcf.pci.SV-90073r2_rule_services
Result
notchecked
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-000048, CCI-001384, CCI-001385, CCI-001386, CCI-001387, CCI-001388, AC-8 a

The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.xccdf_pcf.pci.SV-90115r2_rule_services mediumCCI-000048 CCI-001384 CCI-001385 CCI-001386 CCI-001387 CCI-001388 AC-8 a

The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.

Rule IDxccdf_pcf.pci.SV-90115r2_rule_services
Result
fail
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-000048, CCI-001384, CCI-001385, CCI-001386, CCI-001387, CCI-001388, AC-8 a

The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.xccdf_pcf.pci.SV-90129r2_rule_services mediumCCI-000192 IA-5 (1) (a)

The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.

Rule IDxccdf_pcf.pci.SV-90129r2_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-000192, IA-5 (1) (a)

The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.xccdf_pcf.pci.SV-90131r2_rule_services mediumCCI-000193 IA-5 (1) (a)

The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.

Rule IDxccdf_pcf.pci.SV-90131r2_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-000193, IA-5 (1) (a)

The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.xccdf_pcf.pci.SV-90133r2_rule_services mediumCCI-000194 IA-5 (1) (a)

The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.

Rule IDxccdf_pcf.pci.SV-90133r2_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-000194, IA-5 (1) (a)

All passwords must contain at least one special character.xccdf_pcf.pci.SV-90135r2_rule_services mediumCCI-001619 IA-5 (1) (a)

All passwords must contain at least one special character.

Rule IDxccdf_pcf.pci.SV-90135r2_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-001619, IA-5 (1) (a)

The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.xccdf_pcf.pci.SV-90139r1_rule_services mediumCCI-000196 CCI-000803 IA-5 (1) (c)

The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.

Rule IDxccdf_pcf.pci.SV-90139r1_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-000196, CCI-000803, IA-5 (1) (c)

The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.xccdf_pcf.pci.SV-90141r1_rule_services mediumCCI-000196 CCI-000803 IA-5 (1) (c)

The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.

Rule IDxccdf_pcf.pci.SV-90141r1_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-000196, CCI-000803, IA-5 (1) (c)

The pam_unix.so module must use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.xccdf_pcf.pci.SV-90145r2_rule_services mediumCCI-000803 IA-7

The pam_unix.so module must use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.

Rule IDxccdf_pcf.pci.SV-90145r2_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-000803, IA-7

Emergency administrator accounts must never be automatically removed or disabled.xccdf_pcf.pci.SV-90149r1-1_rule_services mediumCCI-001682 AC-2 (2)

Emergency administrator accounts must never be automatically removed or disabled.

Rule IDxccdf_pcf.pci.SV-90149r1-1_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-001682, AC-2 (2)

Emergency administrator accounts must never be automatically removed or disabled.xccdf_pcf.pci.SV-90149r1-2_rule_services mediumCCI-001682 AC-2 (2)

Emergency administrator accounts must never be automatically removed or disabled.

Rule IDxccdf_pcf.pci.SV-90149r1-2_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-001682, AC-2 (2)

Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.xccdf_pcf.pci.SV-90151r2_rule_services mediumCCI-000198 IA-5 (1) (d)

Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.

Rule IDxccdf_pcf.pci.SV-90151r2_rule_services
Result
pass
Time2020-05-05T17:46:07
Severitymedium
Identifiers and References

Identifiers:  CCI-000198, IA-5 (1) (d)

Passwords for new users must have a 60-day maximum password lifetime restriction.xccdf_pcf.pci.SV-90153r2_rule_services mediumCCI-000199 IA-5 (1) (d)

Passwords for new users must have a 60-day maximum password lifetime restriction.

Rule IDxccdf_pcf.pci.SV-90153r2_rule_services
Result
pass
Time2020-05-05T17:46:08
Severitymedium
Identifiers and References

Identifiers:  CCI-000199, IA-5 (1) (d)

Passwords must be prohibited from reuse for a minimum of five generations.xccdf_pcf.pci.SV-90155r2_rule_services mediumCCI-000200 IA-5 (1) (e)

Passwords must be prohibited from reuse for a minimum of five generations.

Rule IDxccdf_pcf.pci.SV-90155r2_rule_services
Result
pass
Time2020-05-05T17:46:08
Severitymedium
Identifiers and References

Identifiers:  CCI-000200, IA-5 (1) (e)

The Ubuntu operating system must not have accounts configured with blank or null passwords.xccdf_pcf.pci.SV-90159r1_rule_services highCCI-000366 CM-6 b

The Ubuntu operating system must not have accounts configured with blank or null passwords.

Rule IDxccdf_pcf.pci.SV-90159r1_rule_services
Result
pass
Time2020-05-05T17:46:08
Severityhigh
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The passwd command must be configured to prevent the use of dictionary words as passwords.xccdf_pcf.pci.SV-90163r1_rule_services mediumCCI-000366 CM-6 b

The passwd command must be configured to prevent the use of dictionary words as passwords.

Rule IDxccdf_pcf.pci.SV-90163r1_rule_services
Result
pass
Time2020-05-05T17:46:08
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must display the date and time of the last successful account logon upon logon.xccdf_pcf.pci.SV-90177r1_rule_services lowCCI-000366 CM-6 b

The Ubuntu operating system must display the date and time of the last successful account logon upon logon.

Rule IDxccdf_pcf.pci.SV-90177r1_rule_services
Result
fail
Time2020-05-05T17:46:08
Severitylow
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

There must be no .shosts files on the Ubuntu operating system.xccdf_pcf.pci.SV-90179r1_rule_services highCCI-000366 CM-6 b

There must be no .shosts files on the Ubuntu operating system.

Rule IDxccdf_pcf.pci.SV-90179r1_rule_services
Result
pass
Time2020-05-05T17:46:20
Severityhigh
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

There must be no shosts.equiv files on the Ubuntu operating system.xccdf_pcf.pci.SV-90181r2_rule_services highCCI-000366 CM-6 b

There must be no shosts.equiv files on the Ubuntu operating system.

Rule IDxccdf_pcf.pci.SV-90181r2_rule_services
Result
pass
Time2020-05-05T17:46:21
Severityhigh
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

All public directories must be owned by root to prevent unauthorized and unintended information transferred via shared system resources.xccdf_pcf.pci.SV-90191r1_rule_services mediumCCI-001090 SC-4

All public directories must be owned by root to prevent unauthorized and unintended information transferred via shared system resources.

Rule IDxccdf_pcf.pci.SV-90191r1_rule_services
Result
pass
Time2020-05-05T17:46:21
Severitymedium
Identifiers and References

Identifiers:  CCI-001090, SC-4

All world-writable directories must be group-owned by root, sys, bin, or an application group.xccdf_pcf.pci.SV-90193r3_rule_services mediumCCI-001090 SC-4

All world-writable directories must be group-owned by root, sys, bin, or an application group.

Rule IDxccdf_pcf.pci.SV-90193r3_rule_services
Result
pass
Time2020-05-05T17:46:22
Severitymedium
Identifiers and References

Identifiers:  CCI-001090, SC-4

Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.xccdf_pcf.pci.SV-90207r2_rule_services mediumCCI-001749 CM-5 (3)

Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.

Rule IDxccdf_pcf.pci.SV-90207r2_rule_services
Result
pass
Time2020-05-05T17:46:22
Severitymedium
Identifiers and References

Identifiers:  CCI-001749, CM-5 (3)

Automatic mounting of Universal Serial Bus (USB) mass storage driver must be disabled.xccdf_pcf.pci.SV-90211r2_rule_services mediumCCI-001958 IA-3

Automatic mounting of Universal Serial Bus (USB) mass storage driver must be disabled.

Rule IDxccdf_pcf.pci.SV-90211r2_rule_services
Result
pass
Time2020-05-05T17:46:22
Severitymedium
Identifiers and References

Identifiers:  CCI-001958, IA-3

File system automounter must be disabled unless required.xccdf_pcf.pci.SV-90213r2_rule_services mediumCCI-000366 CCI-000778 CCI-001958 IA-3

File system automounter must be disabled unless required.

Rule IDxccdf_pcf.pci.SV-90213r2_rule_services
Result
pass
Time2020-05-05T17:46:22
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CCI-000778, CCI-001958, IA-3

Pam_Apparmor must be configured to allow system administrators to pass information to any other Ubuntu operating system administrator or user, change security attributes, and to confine all non-privileged users from executing functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.xccdf_pcf.pci.SV-90215r2_rule_services mediumCCI-002165 CCI-002235 AC-3 (4)

Pam_Apparmor must be configured to allow system administrators to pass information to any other Ubuntu operating system administrator or user, change security attributes, and to confine all non-privileged users from executing functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Rule IDxccdf_pcf.pci.SV-90215r2_rule_services
Result
pass
Time2020-05-05T17:46:22
Severitymedium
Identifiers and References

Identifiers:  CCI-002165, CCI-002235, AC-3 (4)

The Apparmor module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/foldersxccdf_pcf.pci.SV-90217r2_rule_services mediumCCI-001764 CCI-001774 CM-7 (2)

The Apparmor module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders

Rule IDxccdf_pcf.pci.SV-90217r2_rule_services
Result
pass
Time2020-05-05T17:46:23
Severitymedium
Identifiers and References

Identifiers:  CCI-001764, CCI-001774, CM-7 (2)

The x86 Ctrl-Alt-Delete key sequence must be disabled.xccdf_pcf.pci.SV-90221r2_rule_services highCCI-000366 CM-6 b

The x86 Ctrl-Alt-Delete key sequence must be disabled.

Rule IDxccdf_pcf.pci.SV-90221r2_rule_services
Result
pass
Time2020-05-05T17:46:23
Severityhigh
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

Duplicate User IDs (UIDs) must not exist for interactive users.xccdf_pcf.pci.SV-90227r2_rule_services mediumCCI-000764 CCI-000804 CCI-001084 IA-2

Duplicate User IDs (UIDs) must not exist for interactive users.

Rule IDxccdf_pcf.pci.SV-90227r2_rule_services
Result
pass
Time2020-05-05T17:46:23
Severitymedium
Identifiers and References

Identifiers:  CCI-000764, CCI-000804, CCI-001084, IA-2

The root account must be the only account having unrestricted access to the system.xccdf_pcf.pci.SV-90229r1_rule_services highCCI-000366 CM-6 b

The root account must be the only account having unrestricted access to the system.

Rule IDxccdf_pcf.pci.SV-90229r1_rule_services
Result
pass
Time2020-05-05T17:46:23
Severityhigh
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

All files and directories must have a valid owner.xccdf_pcf.pci.SV-90235r1_rule_services mediumCCI-002165 CM-6 b

All files and directories must have a valid owner.

Rule IDxccdf_pcf.pci.SV-90235r1_rule_services
Result
pass
Time2020-05-05T17:46:25
Severitymedium
Identifiers and References

Identifiers:  CCI-002165, CM-6 b

All files and directories must have a valid group owner.xccdf_pcf.pci.SV-90237r1_rule_services mediumCCI-002165 CM-6 b

All files and directories must have a valid group owner.

Rule IDxccdf_pcf.pci.SV-90237r1_rule_services
Result
pass
Time2020-05-05T17:46:27
Severitymedium
Identifiers and References

Identifiers:  CCI-002165, CM-6 b

All local interactive users must have a home directory assigned in the /etc/passwd file.xccdf_pcf.pci.SV-90239r1_rule_services mediumCCI-000366 CM-6 b

All local interactive users must have a home directory assigned in the /etc/passwd file.

Rule IDxccdf_pcf.pci.SV-90239r1_rule_services
Result
pass
Time2020-05-05T17:46:27
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

All local interactive user home directories defined in the /etc/passwd file must exist.xccdf_pcf.pci.SV-90243r1_rule_services mediumCCI-000366 CM-6 b

All local interactive user home directories defined in the /etc/passwd file must exist.

Rule IDxccdf_pcf.pci.SV-90243r1_rule_services
Result
pass
Time2020-05-05T17:46:27
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

All local interactive user home directories must be group-owned by the home directory owners primary group.xccdf_pcf.pci.SV-90247r1_rule_services mediumCCI-000366 CM-6 b

All local interactive user home directories must be group-owned by the home directory owners primary group.

Rule IDxccdf_pcf.pci.SV-90247r1_rule_services
Result
pass
Time2020-05-05T17:46:27
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

All local interactive user initialization files executable search paths must contain only paths that resolve to the system default or the users home directory.xccdf_pcf.pci.SV-90251r1_rule_services mediumCCI-000366 CM-6 b

All local interactive user initialization files executable search paths must contain only paths that resolve to the system default or the users home directory.

Rule IDxccdf_pcf.pci.SV-90251r1_rule_services
Result
pass
Time2020-05-05T17:46:27
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

Local initialization files must not execute world-writable programs.xccdf_pcf.pci.SV-90253r1_rule_services mediumCCI-000366 CM-6 b

Local initialization files must not execute world-writable programs.

Rule IDxccdf_pcf.pci.SV-90253r1_rule_services
Result
pass
Time2020-05-05T17:46:34
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

File systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setguid bit set from being executed.xccdf_pcf.pci.SV-90259r3_rule_services mediumCCI-000366 CM-6 b

File systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setguid bit set from being executed.

Rule IDxccdf_pcf.pci.SV-90259r3_rule_services
Result
pass
Time2020-05-05T17:46:34
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

File systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.xccdf_pcf.pci.SV-90261r2_rule_services mediumCCI-000366 CM-6 b

File systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.

Rule IDxccdf_pcf.pci.SV-90261r2_rule_services
Result
pass
Time2020-05-05T17:46:34
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

All world-writable directories must be group-owned by root, sys, bin, or an application group.xccdf_pcf.pci.SV-90263r2_rule_services mediumCCI-000366 CM-6 b

All world-writable directories must be group-owned by root, sys, bin, or an application group.

Rule IDxccdf_pcf.pci.SV-90263r2_rule_services
Result
pass
Time2020-05-05T17:46:34
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

Kernel core dumps must be disabled unless needed.xccdf_pcf.pci.SV-90265r1_rule_services mediumCCI-000366 CM-6 b

Kernel core dumps must be disabled unless needed.

Rule IDxccdf_pcf.pci.SV-90265r1_rule_services
Result
pass
Time2020-05-05T17:46:34
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

A separate file system must be used for user home directories (such as /home or an equivalent).xccdf_pcf.pci.SV-90267r2_rule_services mediumCCI-000366 CM-6 b

A separate file system must be used for user home directories (such as /home or an equivalent).

Rule IDxccdf_pcf.pci.SV-90267r2_rule_services
Result
pass
Time2020-05-05T17:46:34
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must use a separate file system for the system audit data path.xccdf_pcf.pci.SV-90271r1_rule_services lowCCI-000366 CM-6 b

The Ubuntu operating system must use a separate file system for the system audit data path.

Rule IDxccdf_pcf.pci.SV-90271r1_rule_services
Result
pass
Time2020-05-05T17:46:34
Severitylow
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The /var/log directory must be group-owned by syslog.xccdf_pcf.pci.SV-90273r2_rule_services mediumCCI-001314 SI-11 b

The /var/log directory must be group-owned by syslog.

Rule IDxccdf_pcf.pci.SV-90273r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001314, SI-11 b

The /var/log directory must be owned by root.xccdf_pcf.pci.SV-90275r2_rule_services mediumCCI-001314 SI-11 b

The /var/log directory must be owned by root.

Rule IDxccdf_pcf.pci.SV-90275r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001314, SI-11 b

The /var/log/syslog file must be owned by syslog.xccdf_pcf.pci.SV-90281r2_rule_services mediumCCI-001314 SI-11 b

The /var/log/syslog file must be owned by syslog.

Rule IDxccdf_pcf.pci.SV-90281r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001314, SI-11 b

The /var/log/syslog directory must have mode 0640 or less permissive.xccdf_pcf.pci.SV-90283r3_rule_services mediumCCI-001314 SI-11 b

The /var/log/syslog directory must have mode 0640 or less permissive.

Rule IDxccdf_pcf.pci.SV-90283r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001314, SI-11 b

Library files must have mode 0755 or less permissive.xccdf_pcf.pci.SV-90285r2_rule_services mediumCCI-001499 CM-5 (6)

Library files must have mode 0755 or less permissive.

Rule IDxccdf_pcf.pci.SV-90285r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001499, CM-5 (6)

Library files must be owned by root.xccdf_pcf.pci.SV-90287r2_rule_services mediumCCI-001499 CM-5 (6)

Library files must be owned by root.

Rule IDxccdf_pcf.pci.SV-90287r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001499, CM-5 (6)

System commands must have mode 0755 or less permissive.xccdf_pcf.pci.SV-90291r2_rule_services mediumCCI-001499 CM-5 (6)

System commands must have mode 0755 or less permissive.

Rule IDxccdf_pcf.pci.SV-90291r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001499, CM-5 (6)

System files must be owned by root.xccdf_pcf.pci.SV-90293r2_rule_services mediumCCI-001499 CM-5 (6)

System files must be owned by root.

Rule IDxccdf_pcf.pci.SV-90293r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001499, CM-5 (6)

System files must be group-owned by root.xccdf_pcf.pci.SV-90295r2_rule_services mediumCCI-001499 CM-5 (6)

System files must be group-owned by root.

Rule IDxccdf_pcf.pci.SV-90295r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001499, CM-5 (6)

Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.xccdf_pcf.pci.SV-90297r1-1_rule_services mediumCCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000154 CCI-000158 CCI-000172 CCI-001464 CCI-001487 CCI-001814 CCI-001875 CCI-001876 CCI-001877 CCI-001878 CCI-001880 CCI-001914 CCI-002884 AU-3

Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.

Rule IDxccdf_pcf.pci.SV-90297r1-1_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000131, CCI-000132, CCI-000133, CCI-000134, CCI-000135, CCI-000154, CCI-000158, CCI-000172, CCI-001464, CCI-001487, CCI-001814, CCI-001875, CCI-001876, CCI-001877, CCI-001878, CCI-001880, CCI-001914, CCI-002884, AU-3

Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.xccdf_pcf.pci.SV-90297r1-2_rule_services mediumCCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000154 CCI-000158 CCI-000172 0158 CCI-000172 CCI-001464 CCI-001487 CCI-001814 CCI-001875 CCI-001876 CCI-001877 CCI-001878 CCI-001880 CCI-001914 1880 CCI-001914 CCI-002884 AU-3

Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.

Rule IDxccdf_pcf.pci.SV-90297r1-2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000131, CCI-000132, CCI-000133, CCI-000134, CCI-000135, CCI-000154, CCI-000158, CCI-000172, 0158, CCI-000172, CCI-001464, CCI-001487, CCI-001814, CCI-001875, CCI-001876, CCI-001877, CCI-001878, CCI-001880, CCI-001914, 1880, CCI-001914, CCI-002884, AU-3

The auditd service must be running in the Ubuntu operating system.xccdf_pcf.pci.SV-95671r1_rule_services mediumCCI-000366 CM-6 b

The auditd service must be running in the Ubuntu operating system.

Rule IDxccdf_pcf.pci.SV-95671r1_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.xccdf_pcf.pci.SV-90303r2_rule_services mediumCCI-001855 AU-5 (1)

The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.

Rule IDxccdf_pcf.pci.SV-90303r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001855, AU-5 (1)

The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.xccdf_pcf.pci.SV-90305r2_rule_services mediumCCI-000139 AU-5 a

The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.

Rule IDxccdf_pcf.pci.SV-90305r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000139, AU-5 a

The audit system must take appropriate action when the audit storage volume is full.xccdf_pcf.pci.SV-90309r2_rule_services mediumCCI-000140 AU-5 b

The audit system must take appropriate action when the audit storage volume is full.

Rule IDxccdf_pcf.pci.SV-90309r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000140, AU-5 b

Audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.xccdf_pcf.pci.SV-90315r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9

Audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.

Rule IDxccdf_pcf.pci.SV-90315r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000162, CCI-000163, CCI-000164, AU-9

Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access.xccdf_pcf.pci.SV-90317r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9

Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access.

Rule IDxccdf_pcf.pci.SV-90317r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000162, CCI-000163, CCI-000164, AU-9

Audit logs must be owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90319r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9

Audit logs must be owned by root to prevent unauthorized read access.

Rule IDxccdf_pcf.pci.SV-90319r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000162, CCI-000163, CCI-000164, AU-9

Audit logs must be group-owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90321r2_rule_services mediumCCI-001314 AU-9

Audit logs must be group-owned by root to prevent unauthorized read access.

Rule IDxccdf_pcf.pci.SV-90321r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001314, AU-9

Audit log directory must be owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90323r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9

Audit log directory must be owned by root to prevent unauthorized read access.

Rule IDxccdf_pcf.pci.SV-90323r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000162, CCI-000163, CCI-000164, AU-9

Audit log directory must be group-owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90325r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9

Audit log directory must be group-owned by root to prevent unauthorized read access.

Rule IDxccdf_pcf.pci.SV-90325r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000162, CCI-000163, CCI-000164, AU-9

The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.xccdf_pcf.pci.SV-90327r1-1_rule_services mediumCCI-000171 AU-12 b

The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

Rule IDxccdf_pcf.pci.SV-90327r1-1_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000171, AU-12 b

The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.xccdf_pcf.pci.SV-90327r1-2_rule_services mediumCCI-000171 AU-12 b

The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

Rule IDxccdf_pcf.pci.SV-90327r1-2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000171, AU-12 b

The audit log files must be owned by root.xccdf_pcf.pci.SV-90329r2_rule_services mediumCCI-001314 SI-11 b

The audit log files must be owned by root.

Rule IDxccdf_pcf.pci.SV-90329r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001314, SI-11 b

The audit log files in the Ubuntu operating system must have mode 0640 or less permissive.xccdf_pcf.pci.SV-95675r1_rule_services mediumCCI-001314 SI-11 b

The audit log files in the Ubuntu operating system must have mode 0640 or less permissive.

Rule IDxccdf_pcf.pci.SV-95675r1_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001314, SI-11 b

Audit tools must have a mode of 0755 or less permissive.xccdf_pcf.pci.SV-90333r2_rule_services mediumCCI-001493 CCI-001494 CCI-001495 AU-9

Audit tools must have a mode of 0755 or less permissive.

Rule IDxccdf_pcf.pci.SV-90333r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001493, CCI-001494, CCI-001495, AU-9

Audit tools must be owned by root.xccdf_pcf.pci.SV-90335r2_rule_services mediumCCI-001493 CCI-001494 CCI-001495 AU-9

Audit tools must be owned by root.

Rule IDxccdf_pcf.pci.SV-90335r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001493, CCI-001494, CCI-001495, AU-9

Audit tools must be group-owned by root.xccdf_pcf.pci.SV-90337r2_rule_services mediumCCI-001493 CCI-001494 CCI-001495 AU-9

Audit tools must be group-owned by root.

Rule IDxccdf_pcf.pci.SV-90337r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-001493, CCI-001494, CCI-001495, AU-9

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.xccdf_pcf.pci.SV-90341r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

Rule IDxccdf_pcf.pci.SV-90341r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.xccdf_pcf.pci.SV-90343r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

Rule IDxccdf_pcf.pci.SV-90343r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.xccdf_pcf.pci.SV-90345r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.

Rule IDxccdf_pcf.pci.SV-90345r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.xccdf_pcf.pci.SV-90347r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

Rule IDxccdf_pcf.pci.SV-90347r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.xccdf_pcf.pci.SV-90367r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.

Rule IDxccdf_pcf.pci.SV-90367r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3

The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.xccdf_pcf.pci.SV-90369r2_rule_services mediumCCI-002233 CCI-002234 AC-6 (8)

The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.

Rule IDxccdf_pcf.pci.SV-90369r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-002233, CCI-002234, AC-6 (8)

Successful/unsuccessful uses of the su command must generate an audit record.xccdf_pcf.pci.SV-90371r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3

Successful/unsuccessful uses of the su command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90371r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3

Successful/unsuccessful uses of the chfn command must generate an audit record.xccdf_pcf.pci.SV-90373r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the chfn command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90373r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the mount command must generate an audit record.xccdf_pcf.pci.SV-90375r3_rule_services lowCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the mount command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90375r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitylow
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the umount command must generate an audit record.xccdf_pcf.pci.SV-90377r3_rule_services mediumCCI-000135 CCI-000172 CCI-002884 AU-3 (1)

Successful/unsuccessful uses of the umount command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90377r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000135, CCI-000172, CCI-002884, AU-3 (1)

Successful/unsuccessful uses of the ssh-agent command must generate an audit record.xccdf_pcf.pci.SV-90379r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the ssh-agent command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90379r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the ssh-keysign command must generate an audit record.xccdf_pcf.pci.SV-90387r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the ssh-keysign command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90387r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

The audit system must be configured to audit any usage of the insmod command.xccdf_pcf.pci.SV-90389r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

The audit system must be configured to audit any usage of the insmod command.

Rule IDxccdf_pcf.pci.SV-90389r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

The audit system must be configured to audit any usage of the rmmod command.xccdf_pcf.pci.SV-90391r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

The audit system must be configured to audit any usage of the rmmod command.

Rule IDxccdf_pcf.pci.SV-90391r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

The audit system must be configured to audit any usage of the modprobe command.xccdf_pcf.pci.SV-90393r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

The audit system must be configured to audit any usage of the modprobe command.

Rule IDxccdf_pcf.pci.SV-90393r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

The audit system must be configured to audit any usage of the kmod command.xccdf_pcf.pci.SV-90395r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

The audit system must be configured to audit any usage of the kmod command.

Rule IDxccdf_pcf.pci.SV-90395r2_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the chown command must generate an audit record.xccdf_pcf.pci.SV-90409r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the chown command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90409r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the fchown command must generate an audit record.xccdf_pcf.pci.SV-90411r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the fchown command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90411r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the fchownat command must generate an audit record.xccdf_pcf.pci.SV-90413r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the fchownat command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90413r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the lchown command must generate an audit record.xccdf_pcf.pci.SV-90415r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the lchown command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90415r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the chmod command must generate an audit record.xccdf_pcf.pci.SV-90417r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the chmod command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90417r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the fchmod command must generate an audit record.xccdf_pcf.pci.SV-90419r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the fchmod command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90419r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the fchmodat command must generate an audit record.xccdf_pcf.pci.SV-90421r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the fchmodat command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90421r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the open command must generate an audit record.xccdf_pcf.pci.SV-90423r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the open command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90423r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the truncate command must generate an audit record.xccdf_pcf.pci.SV-90425r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the truncate command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90425r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the ftruncate command must generate an audit record.xccdf_pcf.pci.SV-90427r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the ftruncate command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90427r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the creat command must generate an audit record.xccdf_pcf.pci.SV-90429r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the creat command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90429r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the openat command must generate an audit record.xccdf_pcf.pci.SV-90431r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the openat command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90431r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record.xccdf_pcf.pci.SV-90433r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90433r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the sudo command must generate an audit record.xccdf_pcf.pci.SV-90435r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the sudo command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90435r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the sudoedit command must generate an audit record.xccdf_pcf.pci.SV-90437r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the sudoedit command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90437r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the chsh command must generate an audit record.xccdf_pcf.pci.SV-90439r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the chsh command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90439r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the newgrp command must generate an audit record.xccdf_pcf.pci.SV-90441r4_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the newgrp command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90441r4_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the chcon command must generate an audit record.xccdf_pcf.pci.SV-95681r1_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the chcon command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-95681r1_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the apparmor_parser command must generate an audit record.xccdf_pcf.pci.SV-90445r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the apparmor_parser command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90445r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful modifications to the tallylog file must generate an audit record.xccdf_pcf.pci.SV-90451r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful modifications to the tallylog file must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90451r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful modifications to the faillog file must generate an audit record.xccdf_pcf.pci.SV-90453r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful modifications to the faillog file must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90453r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful modifications to the lastlog file must generate an audit record.xccdf_pcf.pci.SV-90455r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful modifications to the lastlog file must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90455r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the passwd command must generate an audit record.xccdf_pcf.pci.SV-90457r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the passwd command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90457r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the unix_update command must generate an audit record.xccdf_pcf.pci.SV-90459r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the unix_update command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90459r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the gpasswd command must generate an audit record.xccdf_pcf.pci.SV-90461r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the gpasswd command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90461r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the chage command must generate an audit record.xccdf_pcf.pci.SV-90463r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the chage command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90463r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the usermod command must generate an audit record.xccdf_pcf.pci.SV-90465r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the usermod command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90465r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the crontab command must generate an audit record.xccdf_pcf.pci.SV-90467r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the crontab command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90467r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the pam_timestamp_check command must generate an audit record.xccdf_pcf.pci.SV-90469r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the pam_timestamp_check command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90469r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the init_module command must generate an audit record.xccdf_pcf.pci.SV-90471r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the init_module command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90471r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the finit_module command must generate an audit record.xccdf_pcf.pci.SV-90473r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the finit_module command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90473r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

Successful/unsuccessful uses of the delete_module command must generate an audit record.xccdf_pcf.pci.SV-90475r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3

Successful/unsuccessful uses of the delete_module command must generate an audit record.

Rule IDxccdf_pcf.pci.SV-90475r3_rule_services
Result
pass
Time2020-05-05T17:46:35
Severitymedium
Identifiers and References

Identifiers:  CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3

The telnet package must not be installed.xccdf_pcf.pci.SV-90477r2_rule_services highCCI-000197 CCI-000381 IA-5 (1) (c)

The telnet package must not be installed.

Rule IDxccdf_pcf.pci.SV-90477r2_rule_services
Result
pass
Time2020-05-05T17:46:40
Severityhigh
Identifiers and References

Identifiers:  CCI-000197, CCI-000381, IA-5 (1) (c)

The Network Information Service (NIS) package must not be installed.xccdf_pcf.pci.SV-90479r2_rule_services highCCI-000381 CM-7 a

The Network Information Service (NIS) package must not be installed.

Rule IDxccdf_pcf.pci.SV-90479r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severityhigh
Identifiers and References

Identifiers:  CCI-000381, CM-7 a

The rsh-server package must not be installed.xccdf_pcf.pci.SV-90481r2_rule_services highCCI-000381 CM-7 a

The rsh-server package must not be installed.

Rule IDxccdf_pcf.pci.SV-90481r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severityhigh
Identifiers and References

Identifiers:  CCI-000381, CM-7 a

A sticky bit must be set on all public directories to prevent unauthorized and unintended information transferred via shared system resources.xccdf_pcf.pci.SV-90491r4_rule_services mediumCCI-001090 SC-4

A sticky bit must be set on all public directories to prevent unauthorized and unintended information transferred via shared system resources.

Rule IDxccdf_pcf.pci.SV-90491r4_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-001090, SC-4

The Ubuntu operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.xccdf_pcf.pci.SV-90495r2_rule_services mediumCCI-002046 AU-8 (1) (b)

The Ubuntu operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.

Rule IDxccdf_pcf.pci.SV-90495r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-002046, AU-8 (1) (b)

The Ubuntu operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).xccdf_pcf.pci.SV-90497r2_rule_services mediumCCI-001890 AU-8 b

The Ubuntu operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).

Rule IDxccdf_pcf.pci.SV-90497r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-001890, AU-8 b

The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.xccdf_pcf.pci.SV-90499r2_rule_services mediumCCI-002824 SI-16

The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.

Rule IDxccdf_pcf.pci.SV-90499r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-002824, SI-16

The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.xccdf_pcf.pci.SV-90501r2_rule_services mediumCCI-002824 SI-16

The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.

Rule IDxccdf_pcf.pci.SV-90501r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-002824, SI-16

The Ubuntu operating system must enforce SSHv2 for network access to all accounts.xccdf_pcf.pci.SV-90503r1_rule_services highCCI-001941 CCI-001942 IA-2 (8)

The Ubuntu operating system must enforce SSHv2 for network access to all accounts.

Rule IDxccdf_pcf.pci.SV-90503r1_rule_services
Result
pass
Time2020-05-05T17:46:41
Severityhigh
Identifiers and References

Identifiers:  CCI-001941, CCI-001942, IA-2 (8)

The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a SSH logon and the user must acknowledge the usage conditions and take explicit actions to log on for further access.xccdf_pcf.pci.SV-90505r3_rule_services mediumCCI-000048 AC-8 a

The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a SSH logon and the user must acknowledge the usage conditions and take explicit actions to log on for further access.

Rule IDxccdf_pcf.pci.SV-90505r3_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-000048, AC-8 a

The Ubuntu operating system must not permit direct logons to the root account using remote access via SSH.xccdf_pcf.pci.SV-90507r2_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must not permit direct logons to the root account using remote access via SSH.

Rule IDxccdf_pcf.pci.SV-90507r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

Unattended or automatic login via SSH must not be allowed.xccdf_pcf.pci.SV-90513r2_rule_services highCCI-000366 CM-6 b

Unattended or automatic login via SSH must not be allowed.

Rule IDxccdf_pcf.pci.SV-90513r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severityhigh
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The system must display the date and time of the last successful account logon upon an SSH logon.xccdf_pcf.pci.SV-90515r2_rule_services mediumCCI-000366 CM-6 b

The system must display the date and time of the last successful account logon upon an SSH logon.

Rule IDxccdf_pcf.pci.SV-90515r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The SSH public host key files must have mode 0644 or less permissive.xccdf_pcf.pci.SV-90523r2_rule_services mediumCCI-000366 CM-6 b

The SSH public host key files must have mode 0644 or less permissive.

Rule IDxccdf_pcf.pci.SV-90523r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The SSH private host key files must have mode 0600 or less permissive.xccdf_pcf.pci.SV-90525r2_rule_services mediumCCI-000366 CM-6 b

The SSH private host key files must have mode 0600 or less permissive.

Rule IDxccdf_pcf.pci.SV-90525r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The SSH daemon must perform strict mode checking of home directory configuration files.xccdf_pcf.pci.SV-90527r2_rule_services mediumCCI-000366 CM-6 b

The SSH daemon must perform strict mode checking of home directory configuration files.

Rule IDxccdf_pcf.pci.SV-90527r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The SSH daemon must use privilege separation.xccdf_pcf.pci.SV-90529r2_rule_services mediumCCI-000366 CM-6 b

The SSH daemon must use privilege separation.

Rule IDxccdf_pcf.pci.SV-90529r2_rule_services
Result
pass
Time2020-05-05T17:46:41
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-1_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8

All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Rule IDxccdf_pcf.pci.SV-90537r1-1_rule_services
Result
pass
Time2020-05-05T17:46:42
Severityhigh
Identifiers and References

Identifiers:  CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8

All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-2_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8

All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Rule IDxccdf_pcf.pci.SV-90537r1-2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severityhigh
Identifiers and References

Identifiers:  CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8

All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-3_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8

All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Rule IDxccdf_pcf.pci.SV-90537r1-3_rule_services
Result
pass
Time2020-05-05T17:46:42
Severityhigh
Identifiers and References

Identifiers:  CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8

All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-4_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8

All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Rule IDxccdf_pcf.pci.SV-90537r1-4_rule_services
Result
pass
Time2020-05-05T17:46:42
Severityhigh
Identifiers and References

Identifiers:  CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8

All remote access methods must be monitored.xccdf_pcf.pci.SV-90543r2_rule_services mediumCCI-000067 AC-17 (1)

All remote access methods must be monitored.

Rule IDxccdf_pcf.pci.SV-90543r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000067, AC-17 (1)

Cron logging must be implemented.xccdf_pcf.pci.SV-90545r2_rule_services mediumCCI-000366 CM-6 b

Cron logging must be implemented.

Rule IDxccdf_pcf.pci.SV-90545r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must be configured to use TCP syncookies.xccdf_pcf.pci.SV-90549r2_rule_services mediumCCI-001095 SC-5 (2)

The Ubuntu operating system must be configured to use TCP syncookies.

Rule IDxccdf_pcf.pci.SV-90549r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-001095, SC-5 (2)

For Ubuntu operating systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured.xccdf_pcf.pci.SV-90551r2_rule_services lowCCI-000366 CM-6 b

For Ubuntu operating systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured.

Rule IDxccdf_pcf.pci.SV-90551r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitylow
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.xccdf_pcf.pci.SV-90553r3_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.

Rule IDxccdf_pcf.pci.SV-90553r3_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.xccdf_pcf.pci.SV-90555r3_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.

Rule IDxccdf_pcf.pci.SV-90555r3_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.xccdf_pcf.pci.SV-90557r2_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.

Rule IDxccdf_pcf.pci.SV-90557r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.xccdf_pcf.pci.SV-90559r3_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.

Rule IDxccdf_pcf.pci.SV-90559r3_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.xccdf_pcf.pci.SV-90561r2_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.

Rule IDxccdf_pcf.pci.SV-90561r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must not allow interfaces to perform Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects by default.xccdf_pcf.pci.SV-90563r2_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must not allow interfaces to perform Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects by default.

Rule IDxccdf_pcf.pci.SV-90563r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.xccdf_pcf.pci.SV-90565r2_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.

Rule IDxccdf_pcf.pci.SV-90565r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must not be performing packet forwarding unless the system is a router.xccdf_pcf.pci.SV-90567r2_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must not be performing packet forwarding unless the system is a router.

Rule IDxccdf_pcf.pci.SV-90567r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

Network interfaces must not be in promiscuous mode.xccdf_pcf.pci.SV-90569r2_rule_services mediumCCI-000366 CM-6 b

Network interfaces must not be in promiscuous mode.

Rule IDxccdf_pcf.pci.SV-90569r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Ubuntu operating system must be configured to prevent unrestricted mail relaying.xccdf_pcf.pci.SV-90571r2_rule_services mediumCCI-000366 CM-6 b

The Ubuntu operating system must be configured to prevent unrestricted mail relaying.

Rule IDxccdf_pcf.pci.SV-90571r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.xccdf_pcf.pci.SV-90573r2_rule_services mediumCCI-000139 AU-5 a

The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.

Rule IDxccdf_pcf.pci.SV-90573r2_rule_services
Result
pass
Time2020-05-05T17:46:42
Severitymedium
Identifiers and References

Identifiers:  CCI-000139, AU-5 a

A File Transfer Protocol (FTP) server package must not be installed unless needed.xccdf_pcf.pci.SV-90575r1_rule_services highCCI-000366 CM-6 b

A File Transfer Protocol (FTP) server package must not be installed unless needed.

Rule IDxccdf_pcf.pci.SV-90575r1_rule_services
Result
pass
Time2020-05-05T17:46:42
Severityhigh
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for operational support.xccdf_pcf.pci.SV-90577r2_rule_services highCCI-000318 CCI-000368 CCI-001812 CCI-001813 CCI-001814 CM-6 b

The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for operational support.

Rule IDxccdf_pcf.pci.SV-90577r2_rule_services
Result
pass
Time2020-05-05T17:46:43
Severityhigh
Identifiers and References

Identifiers:  CCI-000318, CCI-000368, CCI-001812, CCI-001813, CCI-001814, CM-6 b

If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.xccdf_pcf.pci.SV-90579r1_rule_services mediumCCI-000366 CM-6 b

If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.

Rule IDxccdf_pcf.pci.SV-90579r1_rule_services
Result
pass
Time2020-05-05T17:46:43
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b

An X Windows display manager must not be installed unless approved.xccdf_pcf.pci.SV-90581r1_rule_services mediumCCI-000366 CM-6 b

An X Windows display manager must not be installed unless approved.

Rule IDxccdf_pcf.pci.SV-90581r1_rule_services
Result
pass
Time2020-05-05T17:46:43
Severitymedium
Identifiers and References

Identifiers:  CCI-000366, CM-6 b