STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.

DISA Rule

SV-219309r610963_rule

Vulnerability Number

V-219309

Group Title

SRG-OS-000125-GPOS-00065

Rule Version

UBTU-18-010414

Severity

CAT II

CCI(s)

CCI-000877 - The organization employs strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.

Weight

Fix Recommendation

Configure the Ubuntu operating system to use strong authentication when establishing nonlocal maintenance and diagnostic sessions.

Add or modify the following line to /etc/ssh/sshd_config

UsePAM yes

Check Contents

Verify the Ubuntu operating system is configured to use strong authenticators in the establishment of nonlocal maintenance and diagnostic maintenance.

Check that "UsePAM" is set to yes in /etc/ssh/sshd_config:

# grep UsePAM /etc/ssh/sshd_config

UsePAM yes

If "UsePAM" is not set to "yes", this is a finding.

Vulnerability Number

V-219309

Documentable

False

Rule Version

UBTU-18-010414

Severity Override Guidance

Check Content Reference

Target Key

4055

The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments