Skip to content

Add rules to Ubuntu 22.04 STIG to align with V2R7 #14427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dodys merged 1 commit into from
Feb 20, 2026
Merged

Add rules to Ubuntu 22.04 STIG to align with V2R7 #14427

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions controls/stig_ubuntu2204.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,14 @@ reference_type: stigid
product: ubuntu2204

controls:
- id: UBTU-22-211000
title: Ubuntu 22.04 LTS must be a vendor-supported release.
levels:
- high
rules:
- installed_OS_is_vendor_supported
status: automated

- id: UBTU-22-211015
title: Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence.
levels:
Expand Down Expand Up @@ -474,6 +482,42 @@ controls:
- sysctl_net_ipv4_tcp_syncookies
status: automated

- id: UBTU-22-254010
title: Ubuntu 22.04 LTS must have the "SSSD" package installed.
levels:
- medium
rules:
- package_nss_sss_installed
- package_pam_sss_installed
- package_sssd_installed
status: automated

- id: UBTU-22-254015
title: Ubuntu 22.04 LTS must use the "SSSD" package for multifactor authentication services.
levels:
- medium
rules:
- service_sssd_enabled
status: automated

- id: UBTU-22-254020
title: Ubuntu 22.04 LTS must ensure SSSD performs certificate path validation, including revocation checking, against a trusted anchor for PKI-based authentication.
levels:
- medium
rules:
- sssd_enable_pam_services
- sssd_enable_smartcards
- sssd_certification_path_trust_anchor
status: automated

- id: UBTU-22-254030
title: Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication.
levels:
- medium
rules:
- sssd_enable_user_cert
status: automated

- id: UBTU-22-255010
title: Ubuntu 22.04 LTS must have SSH installed.
levels:
Expand Down Expand Up @@ -1602,6 +1646,14 @@ controls:
- audit_rules_sudoers
status: automated

- id: UBTU-22-654224
title: The operating system must restrict privilege elevation to authorized personnel.
levels:
- medium
rules:
- sudo_restrict_privilege_elevation_to_authorized
status: automated

- id: UBTU-22-654225
title: Ubuntu 22.04 LTS must generate audit records when successful/unsuccessful attempts to modify
the /etc/sudoers.d directory occur.
Expand Down
1 change: 1 addition & 0 deletions ...stem/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
<extend_definition comment="Installed OS is SLE16" definition_ref="installed_OS_is_sle16" />
<extend_definition comment="Installed OS is SLE Micro 5" definition_ref="installed_OS_is_slmicro5" />
<extend_definition comment="Installed OS is SLE Micro 6" definition_ref="installed_OS_is_slmicro6" />
<extend_definition comment="Installed OS is Ubuntu 22.04" definition_ref="installed_OS_is_ubuntu2204" />
<extend_definition comment="Installed OS is Ubuntu 24.04" definition_ref="installed_OS_is_ubuntu2404" />
</criteria>
</definition>
Expand Down
Loading