STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must initiate session audits at system start-up.

DISA Rule

SV-238299r654072_rule

Vulnerability Number

V-238299

Group Title

SRG-OS-000254-GPOS-00095

Rule Version

UBTU-20-010198

Severity

CAT II

CCI(s)

• CCI-001464 - The information system initiates session audits at system start-up.

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to produce audit records at system startup.

Edit the "/etc/default/grub" file and add "audit=1" to the "GRUB_CMDLINE_LINUX" option.

To update the grub config file, run:

$ sudo update-grub

Check Contents

Verify that the Ubuntu operating system enables auditing at system startup.

Verify that the auditing is enabled in grub with the following command:

$ sudo grep "^\s*linux" /boot/grub/grub.cfg

linux /boot/vmlinuz-5.4.0-31-generic root=UUID=74d13bcd-6ebd-4493-b5d2-3ebc37d01702 ro audit=1
linux /boot/vmlinuz-5.4.0-31-generic root=UUID=74d13bcd-6ebd-4493-b5d2-3ebc37d01702 ro recovery nomodeset audit=1

If any linux lines do not contain "audit=1", this is a finding.

Vulnerability Number

V-238299

Documentable

False

Rule Version

UBTU-20-010198

Severity Override Guidance

Verify that the Ubuntu operating system enables auditing at system startup.

Verify that the auditing is enabled in grub with the following command:

$ sudo grep "^\s*linux" /boot/grub/grub.cfg

linux /boot/vmlinuz-5.4.0-31-generic root=UUID=74d13bcd-6ebd-4493-b5d2-3ebc37d01702 ro audit=1
linux /boot/vmlinuz-5.4.0-31-generic root=UUID=74d13bcd-6ebd-4493-b5d2-3ebc37d01702 ro recovery nomodeset audit=1

If any linux lines do not contain "audit=1", this is a finding.

Check Content Reference

M

Target Key

5318

Comments