STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).

DISA Rule

SV-219313r610963_rule

Vulnerability Number

V-219313

Group Title

SRG-OS-000423-GPOS-00187

Rule Version

UBTU-18-010420

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Install the "ssh" meta-package on the system with the following command:

# sudo apt install ssh

Enable the "ssh" service to start automatically on reboot with the following command:

# sudo systemctl enable sshd.service

Ensure that the "ssh" service is running.

# sudo systemctl start sshd.service

Check Contents

Check that the ssh package is installed with the following command:

# sudo dpkg -l | grep openssh
ii openssh-client 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) server, for secure access from remote machines
ii openssh-sftp-server 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines

If the "openssh" server package is not installed, this is a finding.

Check that the "sshd.service" is loaded and active with the following command:

# sudo systemctl status sshd.service | egrep -i "(active|loaded)"
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-01-24 22:52:58 UTC; 1 weeks 3 days ago

If "sshd.service" is not active or loaded, this is a finding.
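The two checks above can be evaluated mechanically from captured command output. The script below is an added example, not part of the STIG text; the function names and sample inputs are constructed for illustration. It covers two cases that a visual read of the grep output can miss: a package line for "openssh-server" that is not in the fully installed "ii" state, and an "inactive" unit, which also matches the case-insensitive "active" pattern.

```shell
# Added example; function names and sample data are constructed.

# Reads `dpkg -l` output on stdin. Succeeds only when openssh-server itself
# is fully installed (state "ii"). openssh-client, or an "rc" entry (package
# removed, config files left behind), also matches `grep openssh`.
openssh_server_installed() {
    awk '$1 == "ii" && ($2 == "openssh-server" || $2 ~ /^openssh-server:/) { ok = 1 }
         END { exit !ok }'
}

# Reads `systemctl status sshd.service` output on stdin. Requires both a
# "Loaded: loaded" line and an "Active: active" line; the state word is
# compared exactly so that "inactive" does not pass.
sshd_loaded_and_active() {
    awk '$1 == "Loaded:" && $2 == "loaded" { l = 1 }
         $1 == "Active:" && $2 == "active" { a = 1 }
         END { exit !(l && a) }'
}

# Combines both results. $1 = dpkg output, $2 = systemctl status output.
evaluate_ubtu_18_010420() {
    if ! printf '%s\n' "$1" | openssh_server_installed; then
        echo "FINDING: openssh-server not installed"; return 1
    fi
    if ! printf '%s\n' "$2" | sshd_loaded_and_active; then
        echo "FINDING: sshd.service not loaded and active"; return 1
    fi
    echo "NOT A FINDING"
}

# Constructed sample inputs, modelled on the output shown in the check text.
DPKG_OK='ii openssh-client 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) client
ii openssh-server 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) server'
DPKG_RC='ii openssh-client 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) client
rc openssh-server 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) server'
STATUS_OK='   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-01-24 22:52:58 UTC; 1 weeks 3 days ago'
STATUS_DEAD='   Loaded: loaded (/lib/systemd/system/ssh.service; disabled; vendor preset: enabled)
   Active: inactive (dead)'

evaluate_ubtu_18_010420 "$DPKG_OK" "$STATUS_OK"
evaluate_ubtu_18_010420 "$DPKG_RC" "$STATUS_OK" || true
evaluate_ubtu_18_010420 "$DPKG_OK" "$STATUS_DEAD" || true
```

On a live system, pass "$(dpkg -l)" and "$(systemctl status sshd.service)" as the two arguments in place of the sample strings.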

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4055

Comments