STIGQter STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.

DISA Rule

SV-238211r653808_rule

Vulnerability Number

V-238211

Group Title

SRG-OS-000125-GPOS-00065

Rule Version

UBTU-20-010035

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to use strong authentication when establishing nonlocal maintenance and diagnostic sessions.

Add or modify the following line to /etc/ssh/sshd_config:

UsePAM yes

Check Contents

Verify the Ubuntu operating system is configured to use strong authenticators in the establishment of nonlocal maintenance and diagnostic maintenance.

Verify that "UsePAM" is set to "yes" in "/etc/ssh/sshd_config:

$ grep ^UsePAM /etc/ssh/sshd_config

UsePAM yes

If "UsePAM" is not set to "yes", this is a finding.

Vulnerability Number

V-238211

Documentable

False

Rule Version

UBTU-20-010035

Severity Override Guidance

Verify the Ubuntu operating system is configured to use strong authenticators in the establishment of nonlocal maintenance and diagnostic maintenance.

Verify that "UsePAM" is set to "yes" in "/etc/ssh/sshd_config:

$ grep ^UsePAM /etc/ssh/sshd_config

UsePAM yes

If "UsePAM" is not set to "yes", this is a finding.

Check Content Reference

M

Target Key

5318

Comments