STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 10 Mar 2021

The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information.

DISA Rule

SV-238215r653820_rule

Vulnerability Number

V-238215

Group Title

SRG-OS-000423-GPOS-00187

Rule Version

UBTU-20-010042

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Install the "ssh" meta-package on the system with the following command:

$ sudo apt install ssh

Enable the "ssh" service to start automatically on reboot with the following command:

$ sudo systemctl enable sshd.service

Ensure the "ssh" service is running with the following command:

$ sudo systemctl start sshd.service

Check Contents

Verify the SSH package is installed with the following command:

$ sudo dpkg -l | grep openssh
ii openssh-client 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) server, for secure access from remote machines
ii openssh-sftp-server 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines

If the "openssh" server package is not installed, this is a finding.

Verify the "sshd.service" is loaded and active with the following command:

$ sudo systemctl status sshd.service | egrep -i "(active|loaded)"
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-01-24 22:52:58 UTC; 1 weeks 3 days ago

If "sshd.service" is not active or loaded, this is a finding.
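
The two checks above as a script, an added example that is not part of the STIG or of STIGQter: it reads captured "dpkg -l" and "systemctl status" output and compares the state fields instead of relying on a grep match. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: decides UBTU-20-010042 from captured command output.
# Function names and sample text below are constructed for illustration.

# Reads `dpkg -l` text on stdin; succeeds only if openssh-server is in
# state "ii". A bare `grep openssh` also matches "rc" (removed) rows.
openssh_server_installed() {
    awk '$1 == "ii" && ($2 == "openssh-server" || $2 ~ /^openssh-server:/) { ok = 1 }
         END { exit !ok }'
}

# Reads `systemctl status` text on stdin; succeeds only if the unit is
# loaded AND active. `egrep -i active` also matches "inactive (dead)".
sshd_loaded_and_active() {
    awk '$1 == "Loaded:" && $2 == "loaded" { loaded = 1 }
         $1 == "Active:" && $2 == "active" { active = 1 }
         END { exit !(loaded && active) }'
}

# $1 = dpkg -l text, $2 = systemctl status text; prints the verdict.
evaluate_rule() {
    if ! printf '%s\n' "$1" | openssh_server_installed; then
        echo "FINDING: openssh-server is not installed"; return 1
    fi
    if ! printf '%s\n' "$2" | sshd_loaded_and_active; then
        echo "FINDING: sshd.service is not loaded and active"; return 1
    fi
    echo "NOT A FINDING"
}

# Constructed samples (not captured from a real host).
GOOD_DPKG='ii  openssh-client 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) client
ii  openssh-server 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) server'
REMOVED_DPKG='rc  openssh-server 1:7.6p1-4ubuntu0.1 amd64 secure shell (SSH) server'
GOOD_STATUS='   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-01-24 22:52:58 UTC; 1 weeks 3 days ago'
DEAD_STATUS='   Loaded: loaded (/lib/systemd/system/ssh.service; disabled; vendor preset: enabled)
   Active: inactive (dead)'

evaluate_rule "$GOOD_DPKG" "$GOOD_STATUS" || true      # NOT A FINDING
evaluate_rule "$REMOVED_DPKG" "$GOOD_STATUS" || true   # FINDING: openssh-server is not installed
evaluate_rule "$GOOD_DPKG" "$DEAD_STATUS" || true      # FINDING: sshd.service is not loaded and active
```

On a live host, pass "$(dpkg -l)" and "$(systemctl status sshd.service)" as the two arguments to evaluate_rule.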

Documentable

False

Check Content Reference

M

Target Key

5318
