Guide to the Secure Configuration of Ubuntu stemcell
with profile base-xenial
Evaluation Characteristics" >Compliance Scanner for VMware Tanzu Evaluation Report</h1></div></div></nav><div class="container"><div id="content"><div id="introduction"><div class="row"><h2>Guide to the Secure Configuration of Ubuntu stemcell</h2><blockquote>with profile <mark>base-xenial</mark></blockquote><div class="col-md-12 well well-lg horizontal-scroll"><div class="front-matter"></div></div></div></div><div id="characteristics"><h2>Evaluation Characteristics Guide to the Secure Configuration of Ubuntu stemcell
with profile base-xenial
Evaluation Characteristics" >
Guide to the Secure Configuration of Ubuntu stemcell
with profile
base-xenial
Evaluation Characteristics
Tile version
1.2.32
Deployment name
p-compliance-scanner-5802123a3c58ba81f0fe
Evaluation target
oscap_store/f3e5ebe1-4ade-4be1-bf58-bcb83c974198 xenial-315.181
Benchmark URL
/var/vcap/data/oscap/benchmarks/Base-Xenial.xml
Benchmark ID
xccdf_org.pci.content_benchmark_ubuntu_stemcell
Profile ID
xccdf_org.pci.base-xenial_profile_genx
Started at
2020-05-05T17:46:07
Finished at
2020-05-05T17:46:43
Performed by
Compliance Scanner for VMware Tanzu
CPE Platforms
- cpe:/o:canonical:ubuntu_linux:0.0
Addresses
- IPv4 127.0.0.1
- IPv4 169.254.0.2
- IPv4 10.0.4.28
- MAC 00:00:00:00:00:00
- MAC 42:01:0A:00:04:1C
Compliance and Scoring
The target system did not satisfy the conditions of 2 rules! Please review rule results and consider applying remediation.
Rule results
Severity of failed rules
Score
Scoring system
Score
Maximum
Percent
urn:xccdf:scoring:default
98.684212
100.000000
Rule Overview
Result Details
The Ubuntu operating system must be a vendor supported release.xccdf_pcf.pci.SV-90069r1_rule_services highCCI-001230 CM-6 b
The Ubuntu operating system must be a vendor supported release.
Rule ID
xccdf_pcf.pci.SV-90069r1_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
high
Identifiers and References
Identifiers: CCI-001230, CM-6 b
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.xccdf_pcf.pci.SV-90073r2_rule_services mediumCCI-000048 CCI-001384 CCI-001385 CCI-001386 CCI-001387 CCI-001388 AC-8 a
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.
Rule ID
xccdf_pcf.pci.SV-90073r2_rule_services
Result
notchecked
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-000048, CCI-001384, CCI-001385, CCI-001386, CCI-001387, CCI-001388, AC-8 a
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.xccdf_pcf.pci.SV-90115r2_rule_services mediumCCI-000048 CCI-001384 CCI-001385 CCI-001386 CCI-001387 CCI-001388 AC-8 a
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.
Rule ID
xccdf_pcf.pci.SV-90115r2_rule_services
Result
fail
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-000048, CCI-001384, CCI-001385, CCI-001386, CCI-001387, CCI-001388, AC-8 a
The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.xccdf_pcf.pci.SV-90129r2_rule_services mediumCCI-000192 IA-5 (1) (a)
The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.
Rule ID
xccdf_pcf.pci.SV-90129r2_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-000192, IA-5 (1) (a)
The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.xccdf_pcf.pci.SV-90131r2_rule_services mediumCCI-000193 IA-5 (1) (a)
The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.
Rule ID
xccdf_pcf.pci.SV-90131r2_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-000193, IA-5 (1) (a)
The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.xccdf_pcf.pci.SV-90133r2_rule_services mediumCCI-000194 IA-5 (1) (a)
The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.
Rule ID
xccdf_pcf.pci.SV-90133r2_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-000194, IA-5 (1) (a)
All passwords must contain at least one special character.xccdf_pcf.pci.SV-90135r2_rule_services mediumCCI-001619 IA-5 (1) (a)
All passwords must contain at least one special character.
Rule ID
xccdf_pcf.pci.SV-90135r2_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-001619, IA-5 (1) (a)
The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.xccdf_pcf.pci.SV-90139r1_rule_services mediumCCI-000196 CCI-000803 IA-5 (1) (c)
The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
Rule ID
xccdf_pcf.pci.SV-90139r1_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-000196, CCI-000803, IA-5 (1) (c)
The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.xccdf_pcf.pci.SV-90141r1_rule_services mediumCCI-000196 CCI-000803 IA-5 (1) (c)
The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.
Rule ID
xccdf_pcf.pci.SV-90141r1_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-000196, CCI-000803, IA-5 (1) (c)
The pam_unix.so module must use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.xccdf_pcf.pci.SV-90145r2_rule_services mediumCCI-000803 IA-7
The pam_unix.so module must use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
Rule ID
xccdf_pcf.pci.SV-90145r2_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-000803, IA-7
Emergency administrator accounts must never be automatically removed or disabled.xccdf_pcf.pci.SV-90149r1-1_rule_services mediumCCI-001682 AC-2 (2)
Emergency administrator accounts must never be automatically removed or disabled.
Rule ID
xccdf_pcf.pci.SV-90149r1-1_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-001682, AC-2 (2)
Emergency administrator accounts must never be automatically removed or disabled.xccdf_pcf.pci.SV-90149r1-2_rule_services mediumCCI-001682 AC-2 (2)
Emergency administrator accounts must never be automatically removed or disabled.
Rule ID
xccdf_pcf.pci.SV-90149r1-2_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-001682, AC-2 (2)
Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.xccdf_pcf.pci.SV-90151r2_rule_services mediumCCI-000198 IA-5 (1) (d)
Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
Rule ID
xccdf_pcf.pci.SV-90151r2_rule_services
Result
pass
Time
2020-05-05T17:46:07
Severity
medium
Identifiers and References
Identifiers: CCI-000198, IA-5 (1) (d)
Passwords for new users must have a 60-day maximum password lifetime restriction.xccdf_pcf.pci.SV-90153r2_rule_services mediumCCI-000199 IA-5 (1) (d)
Passwords for new users must have a 60-day maximum password lifetime restriction.
Rule ID
xccdf_pcf.pci.SV-90153r2_rule_services
Result
pass
Time
2020-05-05T17:46:08
Severity
medium
Identifiers and References
Identifiers: CCI-000199, IA-5 (1) (d)
Passwords must be prohibited from reuse for a minimum of five generations.xccdf_pcf.pci.SV-90155r2_rule_services mediumCCI-000200 IA-5 (1) (e)
Passwords must be prohibited from reuse for a minimum of five generations.
Rule ID
xccdf_pcf.pci.SV-90155r2_rule_services
Result
pass
Time
2020-05-05T17:46:08
Severity
medium
Identifiers and References
Identifiers: CCI-000200, IA-5 (1) (e)
The Ubuntu operating system must not have accounts configured with blank or null passwords.xccdf_pcf.pci.SV-90159r1_rule_services highCCI-000366 CM-6 b
The Ubuntu operating system must not have accounts configured with blank or null passwords.
Rule ID
xccdf_pcf.pci.SV-90159r1_rule_services
Result
pass
Time
2020-05-05T17:46:08
Severity
high
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The passwd command must be configured to prevent the use of dictionary words as passwords.xccdf_pcf.pci.SV-90163r1_rule_services mediumCCI-000366 CM-6 b
The passwd command must be configured to prevent the use of dictionary words as passwords.
Rule ID
xccdf_pcf.pci.SV-90163r1_rule_services
Result
pass
Time
2020-05-05T17:46:08
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must display the date and time of the last successful account logon upon logon.xccdf_pcf.pci.SV-90177r1_rule_services lowCCI-000366 CM-6 b
The Ubuntu operating system must display the date and time of the last successful account logon upon logon.
Rule ID
xccdf_pcf.pci.SV-90177r1_rule_services
Result
fail
Time
2020-05-05T17:46:08
Severity
low
Identifiers and References
Identifiers: CCI-000366, CM-6 b
There must be no .shosts files on the Ubuntu operating system.xccdf_pcf.pci.SV-90179r1_rule_services highCCI-000366 CM-6 b
There must be no .shosts files on the Ubuntu operating system.
Rule ID
xccdf_pcf.pci.SV-90179r1_rule_services
Result
pass
Time
2020-05-05T17:46:20
Severity
high
Identifiers and References
Identifiers: CCI-000366, CM-6 b
There must be no shosts.equiv files on the Ubuntu operating system.xccdf_pcf.pci.SV-90181r2_rule_services highCCI-000366 CM-6 b
There must be no shosts.equiv files on the Ubuntu operating system.
Rule ID
xccdf_pcf.pci.SV-90181r2_rule_services
Result
pass
Time
2020-05-05T17:46:21
Severity
high
Identifiers and References
Identifiers: CCI-000366, CM-6 b
All public directories must be owned by root to prevent unauthorized and unintended information transferred via shared system resources.xccdf_pcf.pci.SV-90191r1_rule_services mediumCCI-001090 SC-4
All public directories must be owned by root to prevent unauthorized and unintended information transferred via shared system resources.
Rule ID
xccdf_pcf.pci.SV-90191r1_rule_services
Result
pass
Time
2020-05-05T17:46:21
Severity
medium
Identifiers and References
Identifiers: CCI-001090, SC-4
All world-writable directories must be group-owned by root, sys, bin, or an application group.xccdf_pcf.pci.SV-90193r3_rule_services mediumCCI-001090 SC-4
All world-writable directories must be group-owned by root, sys, bin, or an application group.
Rule ID
xccdf_pcf.pci.SV-90193r3_rule_services
Result
pass
Time
2020-05-05T17:46:22
Severity
medium
Identifiers and References
Identifiers: CCI-001090, SC-4
Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.xccdf_pcf.pci.SV-90207r2_rule_services mediumCCI-001749 CM-5 (3)
Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.
Rule ID
xccdf_pcf.pci.SV-90207r2_rule_services
Result
pass
Time
2020-05-05T17:46:22
Severity
medium
Identifiers and References
Identifiers: CCI-001749, CM-5 (3)
Automatic mounting of Universal Serial Bus (USB) mass storage driver must be disabled.xccdf_pcf.pci.SV-90211r2_rule_services mediumCCI-001958 IA-3
Automatic mounting of Universal Serial Bus (USB) mass storage driver must be disabled.
Rule ID
xccdf_pcf.pci.SV-90211r2_rule_services
Result
pass
Time
2020-05-05T17:46:22
Severity
medium
Identifiers and References
Identifiers: CCI-001958, IA-3
File system automounter must be disabled unless required.xccdf_pcf.pci.SV-90213r2_rule_services mediumCCI-000366 CCI-000778 CCI-001958 IA-3
File system automounter must be disabled unless required.
Rule ID
xccdf_pcf.pci.SV-90213r2_rule_services
Result
pass
Time
2020-05-05T17:46:22
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CCI-000778, CCI-001958, IA-3
Pam_Apparmor must be configured to allow system administrators to pass information to any other Ubuntu operating system administrator or user, change security attributes, and to confine all non-privileged users from executing functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.xccdf_pcf.pci.SV-90215r2_rule_services mediumCCI-002165 CCI-002235 AC-3 (4)
Pam_Apparmor must be configured to allow system administrators to pass information to any other Ubuntu operating system administrator or user, change security attributes, and to confine all non-privileged users from executing functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Rule ID
xccdf_pcf.pci.SV-90215r2_rule_services
Result
pass
Time
2020-05-05T17:46:22
Severity
medium
Identifiers and References
Identifiers: CCI-002165, CCI-002235, AC-3 (4)
The Apparmor module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/foldersxccdf_pcf.pci.SV-90217r2_rule_services mediumCCI-001764 CCI-001774 CM-7 (2)
The Apparmor module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders
Rule ID
xccdf_pcf.pci.SV-90217r2_rule_services
Result
pass
Time
2020-05-05T17:46:23
Severity
medium
Identifiers and References
Identifiers: CCI-001764, CCI-001774, CM-7 (2)
The x86 Ctrl-Alt-Delete key sequence must be disabled.xccdf_pcf.pci.SV-90221r2_rule_services highCCI-000366 CM-6 b
The x86 Ctrl-Alt-Delete key sequence must be disabled.
Rule ID
xccdf_pcf.pci.SV-90221r2_rule_services
Result
pass
Time
2020-05-05T17:46:23
Severity
high
Identifiers and References
Identifiers: CCI-000366, CM-6 b
Duplicate User IDs (UIDs) must not exist for interactive users.xccdf_pcf.pci.SV-90227r2_rule_services mediumCCI-000764 CCI-000804 CCI-001084 IA-2
Duplicate User IDs (UIDs) must not exist for interactive users.
Rule ID
xccdf_pcf.pci.SV-90227r2_rule_services
Result
pass
Time
2020-05-05T17:46:23
Severity
medium
Identifiers and References
Identifiers: CCI-000764, CCI-000804, CCI-001084, IA-2
The root account must be the only account having unrestricted access to the system.xccdf_pcf.pci.SV-90229r1_rule_services highCCI-000366 CM-6 b
The root account must be the only account having unrestricted access to the system.
Rule ID
xccdf_pcf.pci.SV-90229r1_rule_services
Result
pass
Time
2020-05-05T17:46:23
Severity
high
Identifiers and References
Identifiers: CCI-000366, CM-6 b
All files and directories must have a valid owner.xccdf_pcf.pci.SV-90235r1_rule_services mediumCCI-002165 CM-6 b
All files and directories must have a valid owner.
Rule ID
xccdf_pcf.pci.SV-90235r1_rule_services
Result
pass
Time
2020-05-05T17:46:25
Severity
medium
Identifiers and References
Identifiers: CCI-002165, CM-6 b
All files and directories must have a valid group owner.xccdf_pcf.pci.SV-90237r1_rule_services mediumCCI-002165 CM-6 b
All files and directories must have a valid group owner.
Rule ID
xccdf_pcf.pci.SV-90237r1_rule_services
Result
pass
Time
2020-05-05T17:46:27
Severity
medium
Identifiers and References
Identifiers: CCI-002165, CM-6 b
All local interactive users must have a home directory assigned in the /etc/passwd file.xccdf_pcf.pci.SV-90239r1_rule_services mediumCCI-000366 CM-6 b
All local interactive users must have a home directory assigned in the /etc/passwd file.
Rule ID
xccdf_pcf.pci.SV-90239r1_rule_services
Result
pass
Time
2020-05-05T17:46:27
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
All local interactive user home directories defined in the /etc/passwd file must exist.xccdf_pcf.pci.SV-90243r1_rule_services mediumCCI-000366 CM-6 b
All local interactive user home directories defined in the /etc/passwd file must exist.
Rule ID
xccdf_pcf.pci.SV-90243r1_rule_services
Result
pass
Time
2020-05-05T17:46:27
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
All local interactive user home directories must be group-owned by the home directory owners primary group.xccdf_pcf.pci.SV-90247r1_rule_services mediumCCI-000366 CM-6 b
All local interactive user home directories must be group-owned by the home directory owners primary group.
Rule ID
xccdf_pcf.pci.SV-90247r1_rule_services
Result
pass
Time
2020-05-05T17:46:27
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
All local interactive user initialization files executable search paths must contain only paths that resolve to the system default or the users home directory.xccdf_pcf.pci.SV-90251r1_rule_services mediumCCI-000366 CM-6 b
All local interactive user initialization files executable search paths must contain only paths that resolve to the system default or the users home directory.
Rule ID
xccdf_pcf.pci.SV-90251r1_rule_services
Result
pass
Time
2020-05-05T17:46:27
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
Local initialization files must not execute world-writable programs.xccdf_pcf.pci.SV-90253r1_rule_services mediumCCI-000366 CM-6 b
Local initialization files must not execute world-writable programs.
Rule ID
xccdf_pcf.pci.SV-90253r1_rule_services
Result
pass
Time
2020-05-05T17:46:34
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
File systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setguid bit set from being executed.xccdf_pcf.pci.SV-90259r3_rule_services mediumCCI-000366 CM-6 b
File systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setguid bit set from being executed.
Rule ID
xccdf_pcf.pci.SV-90259r3_rule_services
Result
pass
Time
2020-05-05T17:46:34
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
File systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.xccdf_pcf.pci.SV-90261r2_rule_services mediumCCI-000366 CM-6 b
File systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.
Rule ID
xccdf_pcf.pci.SV-90261r2_rule_services
Result
pass
Time
2020-05-05T17:46:34
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
All world-writable directories must be group-owned by root, sys, bin, or an application group.xccdf_pcf.pci.SV-90263r2_rule_services mediumCCI-000366 CM-6 b
All world-writable directories must be group-owned by root, sys, bin, or an application group.
Rule ID
xccdf_pcf.pci.SV-90263r2_rule_services
Result
pass
Time
2020-05-05T17:46:34
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
Kernel core dumps must be disabled unless needed.xccdf_pcf.pci.SV-90265r1_rule_services mediumCCI-000366 CM-6 b
Kernel core dumps must be disabled unless needed.
Rule ID
xccdf_pcf.pci.SV-90265r1_rule_services
Result
pass
Time
2020-05-05T17:46:34
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
A separate file system must be used for user home directories (such as /home or an equivalent).xccdf_pcf.pci.SV-90267r2_rule_services mediumCCI-000366 CM-6 b
A separate file system must be used for user home directories (such as /home or an equivalent).
Rule ID
xccdf_pcf.pci.SV-90267r2_rule_services
Result
pass
Time
2020-05-05T17:46:34
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must use a separate file system for the system audit data path.xccdf_pcf.pci.SV-90271r1_rule_services lowCCI-000366 CM-6 b
The Ubuntu operating system must use a separate file system for the system audit data path.
Rule ID
xccdf_pcf.pci.SV-90271r1_rule_services
Result
pass
Time
2020-05-05T17:46:34
Severity
low
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The /var/log directory must be group-owned by syslog.xccdf_pcf.pci.SV-90273r2_rule_services mediumCCI-001314 SI-11 b
The /var/log directory must be group-owned by syslog.
Rule ID
xccdf_pcf.pci.SV-90273r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001314, SI-11 b
The /var/log directory must be owned by root.xccdf_pcf.pci.SV-90275r2_rule_services mediumCCI-001314 SI-11 b
The /var/log directory must be owned by root.
Rule ID
xccdf_pcf.pci.SV-90275r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001314, SI-11 b
The /var/log/syslog file must be owned by syslog.xccdf_pcf.pci.SV-90281r2_rule_services mediumCCI-001314 SI-11 b
The /var/log/syslog file must be owned by syslog.
Rule ID
xccdf_pcf.pci.SV-90281r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001314, SI-11 b
The /var/log/syslog directory must have mode 0640 or less permissive.xccdf_pcf.pci.SV-90283r3_rule_services mediumCCI-001314 SI-11 b
The /var/log/syslog directory must have mode 0640 or less permissive.
Rule ID
xccdf_pcf.pci.SV-90283r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001314, SI-11 b
Library files must have mode 0755 or less permissive.xccdf_pcf.pci.SV-90285r2_rule_services mediumCCI-001499 CM-5 (6)
Library files must have mode 0755 or less permissive.
Rule ID
xccdf_pcf.pci.SV-90285r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001499, CM-5 (6)
Library files must be owned by root.xccdf_pcf.pci.SV-90287r2_rule_services mediumCCI-001499 CM-5 (6)
Library files must be owned by root.
Rule ID
xccdf_pcf.pci.SV-90287r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001499, CM-5 (6)
System commands must have mode 0755 or less permissive.xccdf_pcf.pci.SV-90291r2_rule_services mediumCCI-001499 CM-5 (6)
System commands must have mode 0755 or less permissive.
Rule ID
xccdf_pcf.pci.SV-90291r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001499, CM-5 (6)
System files must be owned by root.xccdf_pcf.pci.SV-90293r2_rule_services mediumCCI-001499 CM-5 (6)
System files must be owned by root.
Rule ID
xccdf_pcf.pci.SV-90293r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001499, CM-5 (6)
System files must be group-owned by root.xccdf_pcf.pci.SV-90295r2_rule_services mediumCCI-001499 CM-5 (6)
System files must be group-owned by root.
Rule ID
xccdf_pcf.pci.SV-90295r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001499, CM-5 (6)
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.xccdf_pcf.pci.SV-90297r1-1_rule_services mediumCCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000154 CCI-000158 CCI-000172 CCI-001464 CCI-001487 CCI-001814 CCI-001875 CCI-001876 CCI-001877 CCI-001878 CCI-001880 CCI-001914 CCI-002884 AU-3
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
Rule ID
xccdf_pcf.pci.SV-90297r1-1_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000131, CCI-000132, CCI-000133, CCI-000134, CCI-000135, CCI-000154, CCI-000158, CCI-000172, CCI-001464, CCI-001487, CCI-001814, CCI-001875, CCI-001876, CCI-001877, CCI-001878, CCI-001880, CCI-001914, CCI-002884, AU-3
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.xccdf_pcf.pci.SV-90297r1-2_rule_services mediumCCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000154 CCI-000158 CCI-000172 0158 CCI-000172 CCI-001464 CCI-001487 CCI-001814 CCI-001875 CCI-001876 CCI-001877 CCI-001878 CCI-001880 CCI-001914 1880 CCI-001914 CCI-002884 AU-3
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
Rule ID
xccdf_pcf.pci.SV-90297r1-2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000131, CCI-000132, CCI-000133, CCI-000134, CCI-000135, CCI-000154, CCI-000158, CCI-000172, 0158, CCI-000172, CCI-001464, CCI-001487, CCI-001814, CCI-001875, CCI-001876, CCI-001877, CCI-001878, CCI-001880, CCI-001914, 1880, CCI-001914, CCI-002884, AU-3
The auditd service must be running in the Ubuntu operating system.xccdf_pcf.pci.SV-95671r1_rule_services mediumCCI-000366 CM-6 b
The auditd service must be running in the Ubuntu operating system.
Rule ID
xccdf_pcf.pci.SV-95671r1_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.xccdf_pcf.pci.SV-90303r2_rule_services mediumCCI-001855 AU-5 (1)
The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.
Rule ID
xccdf_pcf.pci.SV-90303r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001855, AU-5 (1)
The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.xccdf_pcf.pci.SV-90305r2_rule_services mediumCCI-000139 AU-5 a
The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
Rule ID
xccdf_pcf.pci.SV-90305r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000139, AU-5 a
The audit system must take appropriate action when the audit storage volume is full.xccdf_pcf.pci.SV-90309r2_rule_services mediumCCI-000140 AU-5 b
The audit system must take appropriate action when the audit storage volume is full.
Rule ID
xccdf_pcf.pci.SV-90309r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000140, AU-5 b
Audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.xccdf_pcf.pci.SV-90315r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.
Rule ID
xccdf_pcf.pci.SV-90315r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9
Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access.xccdf_pcf.pci.SV-90317r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access.
Rule ID
xccdf_pcf.pci.SV-90317r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9
Audit logs must be owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90319r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit logs must be owned by root to prevent unauthorized read access.
Rule ID
xccdf_pcf.pci.SV-90319r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9
Audit logs must be group-owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90321r2_rule_services mediumCCI-001314 AU-9
Audit logs must be group-owned by root to prevent unauthorized read access.
Rule ID
xccdf_pcf.pci.SV-90321r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001314, AU-9
Audit log directory must be owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90323r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit log directory must be owned by root to prevent unauthorized read access.
Rule ID
xccdf_pcf.pci.SV-90323r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9
Audit log directory must be group-owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90325r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit log directory must be group-owned by root to prevent unauthorized read access.
Rule ID
xccdf_pcf.pci.SV-90325r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.xccdf_pcf.pci.SV-90327r1-1_rule_services mediumCCI-000171 AU-12 b
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
Rule ID
xccdf_pcf.pci.SV-90327r1-1_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000171, AU-12 b
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.xccdf_pcf.pci.SV-90327r1-2_rule_services mediumCCI-000171 AU-12 b
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
Rule ID
xccdf_pcf.pci.SV-90327r1-2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000171, AU-12 b
The audit log files must be owned by root.xccdf_pcf.pci.SV-90329r2_rule_services mediumCCI-001314 SI-11 b
The audit log files must be owned by root.
Rule ID
xccdf_pcf.pci.SV-90329r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001314, SI-11 b
The audit log files in the Ubuntu operating system must have mode 0640 or less permissive.xccdf_pcf.pci.SV-95675r1_rule_services mediumCCI-001314 SI-11 b
The audit log files in the Ubuntu operating system must have mode 0640 or less permissive.
Rule ID
xccdf_pcf.pci.SV-95675r1_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001314, SI-11 b
Audit tools must have a mode of 0755 or less permissive.xccdf_pcf.pci.SV-90333r2_rule_services mediumCCI-001493 CCI-001494 CCI-001495 AU-9
Audit tools must have a mode of 0755 or less permissive.
Rule ID
xccdf_pcf.pci.SV-90333r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001493, CCI-001494, CCI-001495, AU-9
Audit tools must be owned by root.xccdf_pcf.pci.SV-90335r2_rule_services mediumCCI-001493 CCI-001494 CCI-001495 AU-9
Audit tools must be owned by root.
Rule ID
xccdf_pcf.pci.SV-90335r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001493, CCI-001494, CCI-001495, AU-9
Audit tools must be group-owned by root.xccdf_pcf.pci.SV-90337r2_rule_services mediumCCI-001493 CCI-001494 CCI-001495 AU-9
Audit tools must be group-owned by root.
Rule ID
xccdf_pcf.pci.SV-90337r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-001493, CCI-001494, CCI-001495, AU-9
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.xccdf_pcf.pci.SV-90341r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
Rule ID
xccdf_pcf.pci.SV-90341r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.xccdf_pcf.pci.SV-90343r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
Rule ID
xccdf_pcf.pci.SV-90343r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.xccdf_pcf.pci.SV-90345r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
Rule ID
xccdf_pcf.pci.SV-90345r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.xccdf_pcf.pci.SV-90347r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
Rule ID
xccdf_pcf.pci.SV-90347r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.xccdf_pcf.pci.SV-90367r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
Rule ID
xccdf_pcf.pci.SV-90367r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3
The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.xccdf_pcf.pci.SV-90369r2_rule_services mediumCCI-002233 CCI-002234 AC-6 (8)
The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.
Rule ID
xccdf_pcf.pci.SV-90369r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-002233, CCI-002234, AC-6 (8)
Successful/unsuccessful uses of the su command must generate an audit record.xccdf_pcf.pci.SV-90371r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
Successful/unsuccessful uses of the su command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90371r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3
Successful/unsuccessful uses of the chfn command must generate an audit record.xccdf_pcf.pci.SV-90373r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chfn command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90373r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the mount command must generate an audit record.xccdf_pcf.pci.SV-90375r3_rule_services lowCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the mount command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90375r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
low
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the umount command must generate an audit record.xccdf_pcf.pci.SV-90377r3_rule_services mediumCCI-000135 CCI-000172 CCI-002884 AU-3 (1)
Successful/unsuccessful uses of the umount command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90377r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000135, CCI-000172, CCI-002884, AU-3 (1)
Successful/unsuccessful uses of the ssh-agent command must generate an audit record.xccdf_pcf.pci.SV-90379r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the ssh-agent command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90379r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the ssh-keysign command must generate an audit record.xccdf_pcf.pci.SV-90387r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the ssh-keysign command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90387r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
The audit system must be configured to audit any usage of the insmod command.xccdf_pcf.pci.SV-90389r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
The audit system must be configured to audit any usage of the insmod command.
Rule ID
xccdf_pcf.pci.SV-90389r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
The audit system must be configured to audit any usage of the rmmod command.xccdf_pcf.pci.SV-90391r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
The audit system must be configured to audit any usage of the rmmod command.
Rule ID
xccdf_pcf.pci.SV-90391r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
The audit system must be configured to audit any usage of the modprobe command.xccdf_pcf.pci.SV-90393r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
The audit system must be configured to audit any usage of the modprobe command.
Rule ID
xccdf_pcf.pci.SV-90393r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
The audit system must be configured to audit any usage of the kmod command.xccdf_pcf.pci.SV-90395r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
The audit system must be configured to audit any usage of the kmod command.
Rule ID
xccdf_pcf.pci.SV-90395r2_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the chown command must generate an audit record.xccdf_pcf.pci.SV-90409r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chown command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90409r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the fchown command must generate an audit record.xccdf_pcf.pci.SV-90411r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the fchown command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90411r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the fchownat command must generate an audit record.xccdf_pcf.pci.SV-90413r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the fchownat command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90413r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the lchown command must generate an audit record.xccdf_pcf.pci.SV-90415r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the lchown command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90415r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the chmod command must generate an audit record.xccdf_pcf.pci.SV-90417r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chmod command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90417r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the fchmod command must generate an audit record.xccdf_pcf.pci.SV-90419r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the fchmod command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90419r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the fchmodat command must generate an audit record.xccdf_pcf.pci.SV-90421r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the fchmodat command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90421r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the open command must generate an audit record.xccdf_pcf.pci.SV-90423r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the open command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90423r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the truncate command must generate an audit record.xccdf_pcf.pci.SV-90425r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the truncate command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90425r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the ftruncate command must generate an audit record.xccdf_pcf.pci.SV-90427r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the ftruncate command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90427r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the creat command must generate an audit record.xccdf_pcf.pci.SV-90429r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the creat command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90429r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the openat command must generate an audit record.xccdf_pcf.pci.SV-90431r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the openat command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90431r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record.xccdf_pcf.pci.SV-90433r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90433r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the sudo command must generate an audit record.xccdf_pcf.pci.SV-90435r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the sudo command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90435r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the sudoedit command must generate an audit record.xccdf_pcf.pci.SV-90437r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the sudoedit command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90437r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the chsh command must generate an audit record.xccdf_pcf.pci.SV-90439r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chsh command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90439r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the newgrp command must generate an audit record.xccdf_pcf.pci.SV-90441r4_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the newgrp command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90441r4_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the chcon command must generate an audit record.xccdf_pcf.pci.SV-95681r1_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chcon command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-95681r1_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the apparmor_parser command must generate an audit record.xccdf_pcf.pci.SV-90445r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the apparmor_parser command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90445r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful modifications to the tallylog file must generate an audit record.xccdf_pcf.pci.SV-90451r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful modifications to the tallylog file must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90451r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful modifications to the faillog file must generate an audit record.xccdf_pcf.pci.SV-90453r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful modifications to the faillog file must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90453r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful modifications to the lastlog file must generate an audit record.xccdf_pcf.pci.SV-90455r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful modifications to the lastlog file must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90455r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the passwd command must generate an audit record.xccdf_pcf.pci.SV-90457r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the passwd command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90457r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the unix_update command must generate an audit record.xccdf_pcf.pci.SV-90459r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the unix_update command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90459r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the gpasswd command must generate an audit record.xccdf_pcf.pci.SV-90461r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the gpasswd command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90461r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the chage command must generate an audit record.xccdf_pcf.pci.SV-90463r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chage command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90463r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the usermod command must generate an audit record.xccdf_pcf.pci.SV-90465r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the usermod command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90465r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the crontab command must generate an audit record.xccdf_pcf.pci.SV-90467r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the crontab command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90467r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the pam_timestamp_check command must generate an audit record.xccdf_pcf.pci.SV-90469r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the pam_timestamp_check command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90469r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the init_module command must generate an audit record.xccdf_pcf.pci.SV-90471r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the init_module command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90471r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the finit_module command must generate an audit record.xccdf_pcf.pci.SV-90473r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the finit_module command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90473r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
Successful/unsuccessful uses of the delete_module command must generate an audit record.xccdf_pcf.pci.SV-90475r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the delete_module command must generate an audit record.
Rule ID
xccdf_pcf.pci.SV-90475r3_rule_services
Result
pass
Time
2020-05-05T17:46:35
Severity
medium
Identifiers and References
Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3
The telnet package must not be installed.xccdf_pcf.pci.SV-90477r2_rule_services highCCI-000197 CCI-000381 IA-5 (1) (c)
The telnet package must not be installed.
Rule ID
xccdf_pcf.pci.SV-90477r2_rule_services
Result
pass
Time
2020-05-05T17:46:40
Severity
high
Identifiers and References
Identifiers: CCI-000197, CCI-000381, IA-5 (1) (c)
The Network Information Service (NIS) package must not be installed.xccdf_pcf.pci.SV-90479r2_rule_services highCCI-000381 CM-7 a
The Network Information Service (NIS) package must not be installed.
Rule ID
xccdf_pcf.pci.SV-90479r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
high
Identifiers and References
Identifiers: CCI-000381, CM-7 a
The rsh-server package must not be installed.xccdf_pcf.pci.SV-90481r2_rule_services highCCI-000381 CM-7 a
The rsh-server package must not be installed.
Rule ID
xccdf_pcf.pci.SV-90481r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
high
Identifiers and References
Identifiers: CCI-000381, CM-7 a
A sticky bit must be set on all public directories to prevent unauthorized and unintended information transferred via shared system resources.xccdf_pcf.pci.SV-90491r4_rule_services mediumCCI-001090 SC-4
A sticky bit must be set on all public directories to prevent unauthorized and unintended information transferred via shared system resources.
Rule ID
xccdf_pcf.pci.SV-90491r4_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-001090, SC-4
The Ubuntu operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.xccdf_pcf.pci.SV-90495r2_rule_services mediumCCI-002046 AU-8 (1) (b)
The Ubuntu operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.
Rule ID
xccdf_pcf.pci.SV-90495r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-002046, AU-8 (1) (b)
The Ubuntu operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).xccdf_pcf.pci.SV-90497r2_rule_services mediumCCI-001890 AU-8 b
The Ubuntu operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
Rule ID
xccdf_pcf.pci.SV-90497r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-001890, AU-8 b
The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.xccdf_pcf.pci.SV-90499r2_rule_services mediumCCI-002824 SI-16
The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.
Rule ID
xccdf_pcf.pci.SV-90499r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-002824, SI-16
The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.xccdf_pcf.pci.SV-90501r2_rule_services mediumCCI-002824 SI-16
The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
Rule ID
xccdf_pcf.pci.SV-90501r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-002824, SI-16
The Ubuntu operating system must enforce SSHv2 for network access to all accounts.xccdf_pcf.pci.SV-90503r1_rule_services highCCI-001941 CCI-001942 IA-2 (8)
The Ubuntu operating system must enforce SSHv2 for network access to all accounts.
Rule ID
xccdf_pcf.pci.SV-90503r1_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
high
Identifiers and References
Identifiers: CCI-001941, CCI-001942, IA-2 (8)
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a SSH logon and the user must acknowledge the usage conditions and take explicit actions to log on for further access.xccdf_pcf.pci.SV-90505r3_rule_services mediumCCI-000048 AC-8 a
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a SSH logon and the user must acknowledge the usage conditions and take explicit actions to log on for further access.
Rule ID
xccdf_pcf.pci.SV-90505r3_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-000048, AC-8 a
The Ubuntu operating system must not permit direct logons to the root account using remote access via SSH.xccdf_pcf.pci.SV-90507r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not permit direct logons to the root account using remote access via SSH.
Rule ID
xccdf_pcf.pci.SV-90507r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
Unattended or automatic login via SSH must not be allowed.xccdf_pcf.pci.SV-90513r2_rule_services highCCI-000366 CM-6 b
Unattended or automatic login via SSH must not be allowed.
Rule ID
xccdf_pcf.pci.SV-90513r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
high
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The system must display the date and time of the last successful account logon upon an SSH logon.xccdf_pcf.pci.SV-90515r2_rule_services mediumCCI-000366 CM-6 b
The system must display the date and time of the last successful account logon upon an SSH logon.
Rule ID
xccdf_pcf.pci.SV-90515r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The SSH public host key files must have mode 0644 or less permissive.xccdf_pcf.pci.SV-90523r2_rule_services mediumCCI-000366 CM-6 b
The SSH public host key files must have mode 0644 or less permissive.
Rule ID
xccdf_pcf.pci.SV-90523r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The SSH private host key files must have mode 0600 or less permissive.xccdf_pcf.pci.SV-90525r2_rule_services mediumCCI-000366 CM-6 b
The SSH private host key files must have mode 0600 or less permissive.
Rule ID
xccdf_pcf.pci.SV-90525r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The SSH daemon must perform strict mode checking of home directory configuration files.xccdf_pcf.pci.SV-90527r2_rule_services mediumCCI-000366 CM-6 b
The SSH daemon must perform strict mode checking of home directory configuration files.
Rule ID
xccdf_pcf.pci.SV-90527r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The SSH daemon must use privilege separation.xccdf_pcf.pci.SV-90529r2_rule_services mediumCCI-000366 CM-6 b
The SSH daemon must use privilege separation.
Rule ID
xccdf_pcf.pci.SV-90529r2_rule_services
Result
pass
Time
2020-05-05T17:46:41
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-1_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
Rule ID
xccdf_pcf.pci.SV-90537r1-1_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
high
Identifiers and References
Identifiers: CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-2_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
Rule ID
xccdf_pcf.pci.SV-90537r1-2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
high
Identifiers and References
Identifiers: CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-3_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
Rule ID
xccdf_pcf.pci.SV-90537r1-3_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
high
Identifiers and References
Identifiers: CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-4_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
Rule ID
xccdf_pcf.pci.SV-90537r1-4_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
high
Identifiers and References
Identifiers: CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8
All remote access methods must be monitored.xccdf_pcf.pci.SV-90543r2_rule_services mediumCCI-000067 AC-17 (1)
All remote access methods must be monitored.
Rule ID
xccdf_pcf.pci.SV-90543r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000067, AC-17 (1)
Cron logging must be implemented.xccdf_pcf.pci.SV-90545r2_rule_services mediumCCI-000366 CM-6 b
Cron logging must be implemented.
Rule ID
xccdf_pcf.pci.SV-90545r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must be configured to use TCP syncookies.xccdf_pcf.pci.SV-90549r2_rule_services mediumCCI-001095 SC-5 (2)
The Ubuntu operating system must be configured to use TCP syncookies.
Rule ID
xccdf_pcf.pci.SV-90549r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-001095, SC-5 (2)
For Ubuntu operating systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured.xccdf_pcf.pci.SV-90551r2_rule_services lowCCI-000366 CM-6 b
For Ubuntu operating systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured.
Rule ID
xccdf_pcf.pci.SV-90551r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
low
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.xccdf_pcf.pci.SV-90553r3_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.
Rule ID
xccdf_pcf.pci.SV-90553r3_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.xccdf_pcf.pci.SV-90555r3_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.
Rule ID
xccdf_pcf.pci.SV-90555r3_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.xccdf_pcf.pci.SV-90557r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
Rule ID
xccdf_pcf.pci.SV-90557r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.xccdf_pcf.pci.SV-90559r3_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.
Rule ID
xccdf_pcf.pci.SV-90559r3_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.xccdf_pcf.pci.SV-90561r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.
Rule ID
xccdf_pcf.pci.SV-90561r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must not allow interfaces to perform Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects by default.xccdf_pcf.pci.SV-90563r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not allow interfaces to perform Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects by default.
Rule ID
xccdf_pcf.pci.SV-90563r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.xccdf_pcf.pci.SV-90565r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.
Rule ID
xccdf_pcf.pci.SV-90565r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must not be performing packet forwarding unless the system is a router.xccdf_pcf.pci.SV-90567r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not be performing packet forwarding unless the system is a router.
Rule ID
xccdf_pcf.pci.SV-90567r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
Network interfaces must not be in promiscuous mode.xccdf_pcf.pci.SV-90569r2_rule_services mediumCCI-000366 CM-6 b
Network interfaces must not be in promiscuous mode.
Rule ID
xccdf_pcf.pci.SV-90569r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Ubuntu operating system must be configured to prevent unrestricted mail relaying.xccdf_pcf.pci.SV-90571r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must be configured to prevent unrestricted mail relaying.
Rule ID
xccdf_pcf.pci.SV-90571r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.xccdf_pcf.pci.SV-90573r2_rule_services mediumCCI-000139 AU-5 a
The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.
Rule ID
xccdf_pcf.pci.SV-90573r2_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
medium
Identifiers and References
Identifiers: CCI-000139, AU-5 a
A File Transfer Protocol (FTP) server package must not be installed unless needed.xccdf_pcf.pci.SV-90575r1_rule_services highCCI-000366 CM-6 b
A File Transfer Protocol (FTP) server package must not be installed unless needed.
Rule ID
xccdf_pcf.pci.SV-90575r1_rule_services
Result
pass
Time
2020-05-05T17:46:42
Severity
high
Identifiers and References
Identifiers: CCI-000366, CM-6 b
The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for operational support.xccdf_pcf.pci.SV-90577r2_rule_services highCCI-000318 CCI-000368 CCI-001812 CCI-001813 CCI-001814 CM-6 b
The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for operational support.
Rule ID
xccdf_pcf.pci.SV-90577r2_rule_services
Result
pass
Time
2020-05-05T17:46:43
Severity
high
Identifiers and References
Identifiers: CCI-000318, CCI-000368, CCI-001812, CCI-001813, CCI-001814, CM-6 b
If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.xccdf_pcf.pci.SV-90579r1_rule_services mediumCCI-000366 CM-6 b
If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.
Rule ID
xccdf_pcf.pci.SV-90579r1_rule_services
Result
pass
Time
2020-05-05T17:46:43
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
An X Windows display manager must not be installed unless approved.xccdf_pcf.pci.SV-90581r1_rule_services mediumCCI-000366 CM-6 b
An X Windows display manager must not be installed unless approved.
Rule ID
xccdf_pcf.pci.SV-90581r1_rule_services
Result
pass
Time
2020-05-05T17:46:43
Severity
medium
Identifiers and References
Identifiers: CCI-000366, CM-6 b
Guide to the Secure Configuration of Ubuntu stemcell
with profile base-xenial
Evaluation Characteristics" >
Guide to the Secure Configuration of Ubuntu stemcell
with profile base-xenial
Evaluation Characteristics
| Tile version | 1.2.32 |
|---|---|
| Deployment name | p-compliance-scanner-5802123a3c58ba81f0fe |
| Evaluation target | oscap_store/f3e5ebe1-4ade-4be1-bf58-bcb83c974198 xenial-315.181 |
| Benchmark URL | /var/vcap/data/oscap/benchmarks/Base-Xenial.xml |
| Benchmark ID | xccdf_org.pci.content_benchmark_ubuntu_stemcell |
| Profile ID | xccdf_org.pci.base-xenial_profile_genx |
| Started at | 2020-05-05T17:46:07 |
| Finished at | 2020-05-05T17:46:43 |
| Performed by | Compliance Scanner for VMware Tanzu |
CPE Platforms
- cpe:/o:canonical:ubuntu_linux:0.0
Addresses
- IPv4 127.0.0.1
- IPv4 169.254.0.2
- IPv4 10.0.4.28
- MAC 00:00:00:00:00:00
- MAC 42:01:0A:00:04:1C
Compliance and Scoring
The target system did not satisfy the conditions of 2 rules! Please review rule results and consider applying remediation.
Rule results
Severity of failed rules
Score
| Scoring system | Score | Maximum | Percent |
|---|---|---|---|
| urn:xccdf:scoring:default | 98.684212 | 100.000000 |
|
Rule Overview
Result Details
The Ubuntu operating system must be a vendor supported release.xccdf_pcf.pci.SV-90069r1_rule_services highCCI-001230 CM-6 b
The Ubuntu operating system must be a vendor supported release.
| Rule ID | xccdf_pcf.pci.SV-90069r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-001230, CM-6 b |
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.xccdf_pcf.pci.SV-90073r2_rule_services mediumCCI-000048 CCI-001384 CCI-001385 CCI-001386 CCI-001387 CCI-001388 AC-8 a
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.
| Rule ID | xccdf_pcf.pci.SV-90073r2_rule_services |
| Result |
notchecked
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000048, CCI-001384, CCI-001385, CCI-001386, CCI-001387, CCI-001388, AC-8 a |
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.xccdf_pcf.pci.SV-90115r2_rule_services mediumCCI-000048 CCI-001384 CCI-001385 CCI-001386 CCI-001387 CCI-001388 AC-8 a
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.
| Rule ID | xccdf_pcf.pci.SV-90115r2_rule_services |
| Result |
fail
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000048, CCI-001384, CCI-001385, CCI-001386, CCI-001387, CCI-001388, AC-8 a |
The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.xccdf_pcf.pci.SV-90129r2_rule_services mediumCCI-000192 IA-5 (1) (a)
The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.
| Rule ID | xccdf_pcf.pci.SV-90129r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000192, IA-5 (1) (a) |
The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.xccdf_pcf.pci.SV-90131r2_rule_services mediumCCI-000193 IA-5 (1) (a)
The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.
| Rule ID | xccdf_pcf.pci.SV-90131r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000193, IA-5 (1) (a) |
The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.xccdf_pcf.pci.SV-90133r2_rule_services mediumCCI-000194 IA-5 (1) (a)
The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.
| Rule ID | xccdf_pcf.pci.SV-90133r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000194, IA-5 (1) (a) |
All passwords must contain at least one special character.xccdf_pcf.pci.SV-90135r2_rule_services mediumCCI-001619 IA-5 (1) (a)
All passwords must contain at least one special character.
| Rule ID | xccdf_pcf.pci.SV-90135r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001619, IA-5 (1) (a) |
The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.xccdf_pcf.pci.SV-90139r1_rule_services mediumCCI-000196 CCI-000803 IA-5 (1) (c)
The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
| Rule ID | xccdf_pcf.pci.SV-90139r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000196, CCI-000803, IA-5 (1) (c) |
The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.xccdf_pcf.pci.SV-90141r1_rule_services mediumCCI-000196 CCI-000803 IA-5 (1) (c)
The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.
| Rule ID | xccdf_pcf.pci.SV-90141r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000196, CCI-000803, IA-5 (1) (c) |
The pam_unix.so module must use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.xccdf_pcf.pci.SV-90145r2_rule_services mediumCCI-000803 IA-7
The pam_unix.so module must use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
| Rule ID | xccdf_pcf.pci.SV-90145r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000803, IA-7 |
Emergency administrator accounts must never be automatically removed or disabled.xccdf_pcf.pci.SV-90149r1-1_rule_services mediumCCI-001682 AC-2 (2)
Emergency administrator accounts must never be automatically removed or disabled.
| Rule ID | xccdf_pcf.pci.SV-90149r1-1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001682, AC-2 (2) |
Emergency administrator accounts must never be automatically removed or disabled.xccdf_pcf.pci.SV-90149r1-2_rule_services mediumCCI-001682 AC-2 (2)
Emergency administrator accounts must never be automatically removed or disabled.
| Rule ID | xccdf_pcf.pci.SV-90149r1-2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001682, AC-2 (2) |
Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.xccdf_pcf.pci.SV-90151r2_rule_services mediumCCI-000198 IA-5 (1) (d)
Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
| Rule ID | xccdf_pcf.pci.SV-90151r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:07 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000198, IA-5 (1) (d) |
Passwords for new users must have a 60-day maximum password lifetime restriction.xccdf_pcf.pci.SV-90153r2_rule_services mediumCCI-000199 IA-5 (1) (d)
Passwords for new users must have a 60-day maximum password lifetime restriction.
| Rule ID | xccdf_pcf.pci.SV-90153r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:08 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000199, IA-5 (1) (d) |
Passwords must be prohibited from reuse for a minimum of five generations.xccdf_pcf.pci.SV-90155r2_rule_services mediumCCI-000200 IA-5 (1) (e)
Passwords must be prohibited from reuse for a minimum of five generations.
| Rule ID | xccdf_pcf.pci.SV-90155r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:08 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000200, IA-5 (1) (e) |
The Ubuntu operating system must not have accounts configured with blank or null passwords.xccdf_pcf.pci.SV-90159r1_rule_services highCCI-000366 CM-6 b
The Ubuntu operating system must not have accounts configured with blank or null passwords.
| Rule ID | xccdf_pcf.pci.SV-90159r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:08 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The passwd command must be configured to prevent the use of dictionary words as passwords.xccdf_pcf.pci.SV-90163r1_rule_services mediumCCI-000366 CM-6 b
The passwd command must be configured to prevent the use of dictionary words as passwords.
| Rule ID | xccdf_pcf.pci.SV-90163r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:08 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must display the date and time of the last successful account logon upon logon.xccdf_pcf.pci.SV-90177r1_rule_services lowCCI-000366 CM-6 b
The Ubuntu operating system must display the date and time of the last successful account logon upon logon.
| Rule ID | xccdf_pcf.pci.SV-90177r1_rule_services |
| Result |
fail
|
| Time | 2020-05-05T17:46:08 |
| Severity | low |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
There must be no .shosts files on the Ubuntu operating system.xccdf_pcf.pci.SV-90179r1_rule_services highCCI-000366 CM-6 b
There must be no .shosts files on the Ubuntu operating system.
| Rule ID | xccdf_pcf.pci.SV-90179r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:20 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
There must be no shosts.equiv files on the Ubuntu operating system.xccdf_pcf.pci.SV-90181r2_rule_services highCCI-000366 CM-6 b
There must be no shosts.equiv files on the Ubuntu operating system.
| Rule ID | xccdf_pcf.pci.SV-90181r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:21 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
All public directories must be owned by root to prevent unauthorized and unintended information transferred via shared system resources.xccdf_pcf.pci.SV-90191r1_rule_services mediumCCI-001090 SC-4
All public directories must be owned by root to prevent unauthorized and unintended information transferred via shared system resources.
| Rule ID | xccdf_pcf.pci.SV-90191r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:21 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001090, SC-4 |
All world-writable directories must be group-owned by root, sys, bin, or an application group.xccdf_pcf.pci.SV-90193r3_rule_services mediumCCI-001090 SC-4
All world-writable directories must be group-owned by root, sys, bin, or an application group.
| Rule ID | xccdf_pcf.pci.SV-90193r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:22 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001090, SC-4 |
Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.xccdf_pcf.pci.SV-90207r2_rule_services mediumCCI-001749 CM-5 (3)
Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.
| Rule ID | xccdf_pcf.pci.SV-90207r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:22 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001749, CM-5 (3) |
Automatic mounting of Universal Serial Bus (USB) mass storage driver must be disabled.xccdf_pcf.pci.SV-90211r2_rule_services mediumCCI-001958 IA-3
Automatic mounting of Universal Serial Bus (USB) mass storage driver must be disabled.
| Rule ID | xccdf_pcf.pci.SV-90211r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:22 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001958, IA-3 |
File system automounter must be disabled unless required.xccdf_pcf.pci.SV-90213r2_rule_services mediumCCI-000366 CCI-000778 CCI-001958 IA-3
File system automounter must be disabled unless required.
| Rule ID | xccdf_pcf.pci.SV-90213r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:22 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CCI-000778, CCI-001958, IA-3 |
Pam_Apparmor must be configured to allow system administrators to pass information to any other Ubuntu operating system administrator or user, change security attributes, and to confine all non-privileged users from executing functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.xccdf_pcf.pci.SV-90215r2_rule_services mediumCCI-002165 CCI-002235 AC-3 (4)
Pam_Apparmor must be configured to allow system administrators to pass information to any other Ubuntu operating system administrator or user, change security attributes, and to confine all non-privileged users from executing functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
| Rule ID | xccdf_pcf.pci.SV-90215r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:22 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-002165, CCI-002235, AC-3 (4) |
The Apparmor module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/foldersxccdf_pcf.pci.SV-90217r2_rule_services mediumCCI-001764 CCI-001774 CM-7 (2)
The Apparmor module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders
| Rule ID | xccdf_pcf.pci.SV-90217r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:23 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001764, CCI-001774, CM-7 (2) |
The x86 Ctrl-Alt-Delete key sequence must be disabled.xccdf_pcf.pci.SV-90221r2_rule_services highCCI-000366 CM-6 b
The x86 Ctrl-Alt-Delete key sequence must be disabled.
| Rule ID | xccdf_pcf.pci.SV-90221r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:23 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
Duplicate User IDs (UIDs) must not exist for interactive users.xccdf_pcf.pci.SV-90227r2_rule_services mediumCCI-000764 CCI-000804 CCI-001084 IA-2
Duplicate User IDs (UIDs) must not exist for interactive users.
| Rule ID | xccdf_pcf.pci.SV-90227r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:23 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000764, CCI-000804, CCI-001084, IA-2 |
The root account must be the only account having unrestricted access to the system.xccdf_pcf.pci.SV-90229r1_rule_services highCCI-000366 CM-6 b
The root account must be the only account having unrestricted access to the system.
| Rule ID | xccdf_pcf.pci.SV-90229r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:23 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
All files and directories must have a valid owner.xccdf_pcf.pci.SV-90235r1_rule_services mediumCCI-002165 CM-6 b
All files and directories must have a valid owner.
| Rule ID | xccdf_pcf.pci.SV-90235r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:25 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-002165, CM-6 b |
All files and directories must have a valid group owner.xccdf_pcf.pci.SV-90237r1_rule_services mediumCCI-002165 CM-6 b
All files and directories must have a valid group owner.
| Rule ID | xccdf_pcf.pci.SV-90237r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:27 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-002165, CM-6 b |
All local interactive users must have a home directory assigned in the /etc/passwd file.xccdf_pcf.pci.SV-90239r1_rule_services mediumCCI-000366 CM-6 b
All local interactive users must have a home directory assigned in the /etc/passwd file.
| Rule ID | xccdf_pcf.pci.SV-90239r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:27 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
All local interactive user home directories defined in the /etc/passwd file must exist.xccdf_pcf.pci.SV-90243r1_rule_services mediumCCI-000366 CM-6 b
All local interactive user home directories defined in the /etc/passwd file must exist.
| Rule ID | xccdf_pcf.pci.SV-90243r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:27 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
All local interactive user home directories must be group-owned by the home directory owners primary group.xccdf_pcf.pci.SV-90247r1_rule_services mediumCCI-000366 CM-6 b
All local interactive user home directories must be group-owned by the home directory owners primary group.
| Rule ID | xccdf_pcf.pci.SV-90247r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:27 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
All local interactive user initialization files executable search paths must contain only paths that resolve to the system default or the users home directory.xccdf_pcf.pci.SV-90251r1_rule_services mediumCCI-000366 CM-6 b
All local interactive user initialization files executable search paths must contain only paths that resolve to the system default or the users home directory.
| Rule ID | xccdf_pcf.pci.SV-90251r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:27 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
Local initialization files must not execute world-writable programs.xccdf_pcf.pci.SV-90253r1_rule_services mediumCCI-000366 CM-6 b
Local initialization files must not execute world-writable programs.
| Rule ID | xccdf_pcf.pci.SV-90253r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:34 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
File systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setguid bit set from being executed.xccdf_pcf.pci.SV-90259r3_rule_services mediumCCI-000366 CM-6 b
File systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setguid bit set from being executed.
| Rule ID | xccdf_pcf.pci.SV-90259r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:34 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
File systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.xccdf_pcf.pci.SV-90261r2_rule_services mediumCCI-000366 CM-6 b
File systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.
| Rule ID | xccdf_pcf.pci.SV-90261r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:34 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
All world-writable directories must be group-owned by root, sys, bin, or an application group.xccdf_pcf.pci.SV-90263r2_rule_services mediumCCI-000366 CM-6 b
All world-writable directories must be group-owned by root, sys, bin, or an application group.
| Rule ID | xccdf_pcf.pci.SV-90263r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:34 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
Kernel core dumps must be disabled unless needed.xccdf_pcf.pci.SV-90265r1_rule_services mediumCCI-000366 CM-6 b
Kernel core dumps must be disabled unless needed.
| Rule ID | xccdf_pcf.pci.SV-90265r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:34 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
A separate file system must be used for user home directories (such as /home or an equivalent).xccdf_pcf.pci.SV-90267r2_rule_services mediumCCI-000366 CM-6 b
A separate file system must be used for user home directories (such as /home or an equivalent).
| Rule ID | xccdf_pcf.pci.SV-90267r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:34 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must use a separate file system for the system audit data path.xccdf_pcf.pci.SV-90271r1_rule_services lowCCI-000366 CM-6 b
The Ubuntu operating system must use a separate file system for the system audit data path.
| Rule ID | xccdf_pcf.pci.SV-90271r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:34 |
| Severity | low |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The /var/log directory must be group-owned by syslog.xccdf_pcf.pci.SV-90273r2_rule_services mediumCCI-001314 SI-11 b
The /var/log directory must be group-owned by syslog.
| Rule ID | xccdf_pcf.pci.SV-90273r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001314, SI-11 b |
The /var/log directory must be owned by root.xccdf_pcf.pci.SV-90275r2_rule_services mediumCCI-001314 SI-11 b
The /var/log directory must be owned by root.
| Rule ID | xccdf_pcf.pci.SV-90275r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001314, SI-11 b |
The /var/log/syslog file must be owned by syslog.xccdf_pcf.pci.SV-90281r2_rule_services mediumCCI-001314 SI-11 b
The /var/log/syslog file must be owned by syslog.
| Rule ID | xccdf_pcf.pci.SV-90281r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001314, SI-11 b |
The /var/log/syslog directory must have mode 0640 or less permissive.xccdf_pcf.pci.SV-90283r3_rule_services mediumCCI-001314 SI-11 b
The /var/log/syslog directory must have mode 0640 or less permissive.
| Rule ID | xccdf_pcf.pci.SV-90283r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001314, SI-11 b |
Library files must have mode 0755 or less permissive.xccdf_pcf.pci.SV-90285r2_rule_services mediumCCI-001499 CM-5 (6)
Library files must have mode 0755 or less permissive.
| Rule ID | xccdf_pcf.pci.SV-90285r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001499, CM-5 (6) |
Library files must be owned by root.xccdf_pcf.pci.SV-90287r2_rule_services mediumCCI-001499 CM-5 (6)
Library files must be owned by root.
| Rule ID | xccdf_pcf.pci.SV-90287r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001499, CM-5 (6) |
System commands must have mode 0755 or less permissive.xccdf_pcf.pci.SV-90291r2_rule_services mediumCCI-001499 CM-5 (6)
System commands must have mode 0755 or less permissive.
| Rule ID | xccdf_pcf.pci.SV-90291r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001499, CM-5 (6) |
System files must be owned by root.xccdf_pcf.pci.SV-90293r2_rule_services mediumCCI-001499 CM-5 (6)
System files must be owned by root.
| Rule ID | xccdf_pcf.pci.SV-90293r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001499, CM-5 (6) |
System files must be group-owned by root.xccdf_pcf.pci.SV-90295r2_rule_services mediumCCI-001499 CM-5 (6)
System files must be group-owned by root.
| Rule ID | xccdf_pcf.pci.SV-90295r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001499, CM-5 (6) |
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.xccdf_pcf.pci.SV-90297r1-1_rule_services mediumCCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000154 CCI-000158 CCI-000172 CCI-001464 CCI-001487 CCI-001814 CCI-001875 CCI-001876 CCI-001877 CCI-001878 CCI-001880 CCI-001914 CCI-002884 AU-3
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
| Rule ID | xccdf_pcf.pci.SV-90297r1-1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000131, CCI-000132, CCI-000133, CCI-000134, CCI-000135, CCI-000154, CCI-000158, CCI-000172, CCI-001464, CCI-001487, CCI-001814, CCI-001875, CCI-001876, CCI-001877, CCI-001878, CCI-001880, CCI-001914, CCI-002884, AU-3 |
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.xccdf_pcf.pci.SV-90297r1-2_rule_services mediumCCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000154 CCI-000158 CCI-000172 0158 CCI-000172 CCI-001464 CCI-001487 CCI-001814 CCI-001875 CCI-001876 CCI-001877 CCI-001878 CCI-001880 CCI-001914 1880 CCI-001914 CCI-002884 AU-3
Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
| Rule ID | xccdf_pcf.pci.SV-90297r1-2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000131, CCI-000132, CCI-000133, CCI-000134, CCI-000135, CCI-000154, CCI-000158, CCI-000172, 0158, CCI-000172, CCI-001464, CCI-001487, CCI-001814, CCI-001875, CCI-001876, CCI-001877, CCI-001878, CCI-001880, CCI-001914, 1880, CCI-001914, CCI-002884, AU-3 |
The auditd service must be running in the Ubuntu operating system.xccdf_pcf.pci.SV-95671r1_rule_services mediumCCI-000366 CM-6 b
The auditd service must be running in the Ubuntu operating system.
| Rule ID | xccdf_pcf.pci.SV-95671r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.xccdf_pcf.pci.SV-90303r2_rule_services mediumCCI-001855 AU-5 (1)
The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.
| Rule ID | xccdf_pcf.pci.SV-90303r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001855, AU-5 (1) |
The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.xccdf_pcf.pci.SV-90305r2_rule_services mediumCCI-000139 AU-5 a
The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
| Rule ID | xccdf_pcf.pci.SV-90305r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000139, AU-5 a |
The audit system must take appropriate action when the audit storage volume is full.xccdf_pcf.pci.SV-90309r2_rule_services mediumCCI-000140 AU-5 b
The audit system must take appropriate action when the audit storage volume is full.
| Rule ID | xccdf_pcf.pci.SV-90309r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000140, AU-5 b |
Audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.xccdf_pcf.pci.SV-90315r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.
| Rule ID | xccdf_pcf.pci.SV-90315r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9 |
Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access.xccdf_pcf.pci.SV-90317r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access.
| Rule ID | xccdf_pcf.pci.SV-90317r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9 |
Audit logs must be owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90319r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit logs must be owned by root to prevent unauthorized read access.
| Rule ID | xccdf_pcf.pci.SV-90319r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9 |
Audit logs must be group-owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90321r2_rule_services mediumCCI-001314 AU-9
Audit logs must be group-owned by root to prevent unauthorized read access.
| Rule ID | xccdf_pcf.pci.SV-90321r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001314, AU-9 |
Audit log directory must be owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90323r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit log directory must be owned by root to prevent unauthorized read access.
| Rule ID | xccdf_pcf.pci.SV-90323r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9 |
Audit log directory must be group-owned by root to prevent unauthorized read access.xccdf_pcf.pci.SV-90325r2_rule_services mediumCCI-000162 CCI-000163 CCI-000164 AU-9
Audit log directory must be group-owned by root to prevent unauthorized read access.
| Rule ID | xccdf_pcf.pci.SV-90325r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000162, CCI-000163, CCI-000164, AU-9 |
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.xccdf_pcf.pci.SV-90327r1-1_rule_services mediumCCI-000171 AU-12 b
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
| Rule ID | xccdf_pcf.pci.SV-90327r1-1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000171, AU-12 b |
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.xccdf_pcf.pci.SV-90327r1-2_rule_services mediumCCI-000171 AU-12 b
The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
| Rule ID | xccdf_pcf.pci.SV-90327r1-2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000171, AU-12 b |
The audit log files must be owned by root.xccdf_pcf.pci.SV-90329r2_rule_services mediumCCI-001314 SI-11 b
The audit log files must be owned by root.
| Rule ID | xccdf_pcf.pci.SV-90329r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001314, SI-11 b |
The audit log files in the Ubuntu operating system must have mode 0640 or less permissive.xccdf_pcf.pci.SV-95675r1_rule_services mediumCCI-001314 SI-11 b
The audit log files in the Ubuntu operating system must have mode 0640 or less permissive.
| Rule ID | xccdf_pcf.pci.SV-95675r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001314, SI-11 b |
Audit tools must have a mode of 0755 or less permissive.xccdf_pcf.pci.SV-90333r2_rule_services mediumCCI-001493 CCI-001494 CCI-001495 AU-9
Audit tools must have a mode of 0755 or less permissive.
| Rule ID | xccdf_pcf.pci.SV-90333r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001493, CCI-001494, CCI-001495, AU-9 |
Audit tools must be owned by root.xccdf_pcf.pci.SV-90335r2_rule_services mediumCCI-001493 CCI-001494 CCI-001495 AU-9
Audit tools must be owned by root.
| Rule ID | xccdf_pcf.pci.SV-90335r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001493, CCI-001494, CCI-001495, AU-9 |
Audit tools must be group-owned by root.xccdf_pcf.pci.SV-90337r2_rule_services mediumCCI-001493 CCI-001494 CCI-001495 AU-9
Audit tools must be group-owned by root.
| Rule ID | xccdf_pcf.pci.SV-90337r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001493, CCI-001494, CCI-001495, AU-9 |
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.xccdf_pcf.pci.SV-90341r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
| Rule ID | xccdf_pcf.pci.SV-90341r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3 |
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.xccdf_pcf.pci.SV-90343r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
| Rule ID | xccdf_pcf.pci.SV-90343r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3 |
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.xccdf_pcf.pci.SV-90345r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
| Rule ID | xccdf_pcf.pci.SV-90345r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3 |
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.xccdf_pcf.pci.SV-90347r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
| Rule ID | xccdf_pcf.pci.SV-90347r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3 |
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.xccdf_pcf.pci.SV-90367r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
| Rule ID | xccdf_pcf.pci.SV-90367r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3 |
The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.xccdf_pcf.pci.SV-90369r2_rule_services mediumCCI-002233 CCI-002234 AC-6 (8)
The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.
| Rule ID | xccdf_pcf.pci.SV-90369r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-002233, CCI-002234, AC-6 (8) |
Successful/unsuccessful uses of the su command must generate an audit record.xccdf_pcf.pci.SV-90371r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002132 CCI-002884 AU-3
Successful/unsuccessful uses of the su command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90371r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002132, CCI-002884, AU-3 |
Successful/unsuccessful uses of the chfn command must generate an audit record.xccdf_pcf.pci.SV-90373r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chfn command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90373r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the mount command must generate an audit record.xccdf_pcf.pci.SV-90375r3_rule_services lowCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the mount command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90375r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | low |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the umount command must generate an audit record.xccdf_pcf.pci.SV-90377r3_rule_services mediumCCI-000135 CCI-000172 CCI-002884 AU-3 (1)
Successful/unsuccessful uses of the umount command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90377r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000135, CCI-000172, CCI-002884, AU-3 (1) |
Successful/unsuccessful uses of the ssh-agent command must generate an audit record.xccdf_pcf.pci.SV-90379r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the ssh-agent command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90379r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the ssh-keysign command must generate an audit record.xccdf_pcf.pci.SV-90387r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the ssh-keysign command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90387r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
The audit system must be configured to audit any usage of the insmod command.xccdf_pcf.pci.SV-90389r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
The audit system must be configured to audit any usage of the insmod command.
| Rule ID | xccdf_pcf.pci.SV-90389r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
The audit system must be configured to audit any usage of the rmmod command.xccdf_pcf.pci.SV-90391r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
The audit system must be configured to audit any usage of the rmmod command.
| Rule ID | xccdf_pcf.pci.SV-90391r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
The audit system must be configured to audit any usage of the modprobe command.xccdf_pcf.pci.SV-90393r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
The audit system must be configured to audit any usage of the modprobe command.
| Rule ID | xccdf_pcf.pci.SV-90393r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
The audit system must be configured to audit any usage of the kmod command.xccdf_pcf.pci.SV-90395r2_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
The audit system must be configured to audit any usage of the kmod command.
| Rule ID | xccdf_pcf.pci.SV-90395r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the chown command must generate an audit record.xccdf_pcf.pci.SV-90409r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chown command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90409r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the fchown command must generate an audit record.xccdf_pcf.pci.SV-90411r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the fchown command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90411r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the fchownat command must generate an audit record.xccdf_pcf.pci.SV-90413r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the fchownat command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90413r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the lchown command must generate an audit record.xccdf_pcf.pci.SV-90415r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the lchown command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90415r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the chmod command must generate an audit record.xccdf_pcf.pci.SV-90417r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chmod command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90417r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the fchmod command must generate an audit record.xccdf_pcf.pci.SV-90419r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the fchmod command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90419r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the fchmodat command must generate an audit record.xccdf_pcf.pci.SV-90421r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the fchmodat command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90421r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the open command must generate an audit record.xccdf_pcf.pci.SV-90423r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the open command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90423r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the truncate command must generate an audit record.xccdf_pcf.pci.SV-90425r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the truncate command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90425r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the ftruncate command must generate an audit record.xccdf_pcf.pci.SV-90427r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the ftruncate command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90427r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the creat command must generate an audit record.xccdf_pcf.pci.SV-90429r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the creat command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90429r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the openat command must generate an audit record.xccdf_pcf.pci.SV-90431r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the openat command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90431r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record.xccdf_pcf.pci.SV-90433r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90433r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the sudo command must generate an audit record.xccdf_pcf.pci.SV-90435r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the sudo command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90435r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the sudoedit command must generate an audit record.xccdf_pcf.pci.SV-90437r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the sudoedit command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90437r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the chsh command must generate an audit record.xccdf_pcf.pci.SV-90439r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chsh command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90439r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the newgrp command must generate an audit record.xccdf_pcf.pci.SV-90441r4_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the newgrp command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90441r4_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the chcon command must generate an audit record.xccdf_pcf.pci.SV-95681r1_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chcon command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-95681r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the apparmor_parser command must generate an audit record.xccdf_pcf.pci.SV-90445r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the apparmor_parser command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90445r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful modifications to the tallylog file must generate an audit record.xccdf_pcf.pci.SV-90451r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful modifications to the tallylog file must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90451r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful modifications to the faillog file must generate an audit record.xccdf_pcf.pci.SV-90453r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful modifications to the faillog file must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90453r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful modifications to the lastlog file must generate an audit record.xccdf_pcf.pci.SV-90455r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful modifications to the lastlog file must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90455r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the passwd command must generate an audit record.xccdf_pcf.pci.SV-90457r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the passwd command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90457r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the unix_update command must generate an audit record.xccdf_pcf.pci.SV-90459r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the unix_update command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90459r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the gpasswd command must generate an audit record.xccdf_pcf.pci.SV-90461r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the gpasswd command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90461r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the chage command must generate an audit record.xccdf_pcf.pci.SV-90463r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the chage command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90463r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the usermod command must generate an audit record.xccdf_pcf.pci.SV-90465r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the usermod command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90465r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the crontab command must generate an audit record.xccdf_pcf.pci.SV-90467r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the crontab command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90467r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the pam_timestamp_check command must generate an audit record.xccdf_pcf.pci.SV-90469r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the pam_timestamp_check command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90469r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the init_module command must generate an audit record.xccdf_pcf.pci.SV-90471r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the init_module command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90471r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the finit_module command must generate an audit record.xccdf_pcf.pci.SV-90473r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the finit_module command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90473r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
Successful/unsuccessful uses of the delete_module command must generate an audit record.xccdf_pcf.pci.SV-90475r3_rule_services mediumCCI-000130 CCI-000135 CCI-000169 CCI-000172 CCI-002884 AU-3
Successful/unsuccessful uses of the delete_module command must generate an audit record.
| Rule ID | xccdf_pcf.pci.SV-90475r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:35 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000130, CCI-000135, CCI-000169, CCI-000172, CCI-002884, AU-3 |
The telnet package must not be installed.xccdf_pcf.pci.SV-90477r2_rule_services highCCI-000197 CCI-000381 IA-5 (1) (c)
The telnet package must not be installed.
| Rule ID | xccdf_pcf.pci.SV-90477r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:40 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000197, CCI-000381, IA-5 (1) (c) |
The Network Information Service (NIS) package must not be installed.xccdf_pcf.pci.SV-90479r2_rule_services highCCI-000381 CM-7 a
The Network Information Service (NIS) package must not be installed.
| Rule ID | xccdf_pcf.pci.SV-90479r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000381, CM-7 a |
The rsh-server package must not be installed.xccdf_pcf.pci.SV-90481r2_rule_services highCCI-000381 CM-7 a
The rsh-server package must not be installed.
| Rule ID | xccdf_pcf.pci.SV-90481r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000381, CM-7 a |
A sticky bit must be set on all public directories to prevent unauthorized and unintended information transferred via shared system resources.xccdf_pcf.pci.SV-90491r4_rule_services mediumCCI-001090 SC-4
A sticky bit must be set on all public directories to prevent unauthorized and unintended information transferred via shared system resources.
| Rule ID | xccdf_pcf.pci.SV-90491r4_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001090, SC-4 |
The Ubuntu operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.xccdf_pcf.pci.SV-90495r2_rule_services mediumCCI-002046 AU-8 (1) (b)
The Ubuntu operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.
| Rule ID | xccdf_pcf.pci.SV-90495r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-002046, AU-8 (1) (b) |
The Ubuntu operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).xccdf_pcf.pci.SV-90497r2_rule_services mediumCCI-001890 AU-8 b
The Ubuntu operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
| Rule ID | xccdf_pcf.pci.SV-90497r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001890, AU-8 b |
The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.xccdf_pcf.pci.SV-90499r2_rule_services mediumCCI-002824 SI-16
The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.
| Rule ID | xccdf_pcf.pci.SV-90499r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-002824, SI-16 |
The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.xccdf_pcf.pci.SV-90501r2_rule_services mediumCCI-002824 SI-16
The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
| Rule ID | xccdf_pcf.pci.SV-90501r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-002824, SI-16 |
The Ubuntu operating system must enforce SSHv2 for network access to all accounts.xccdf_pcf.pci.SV-90503r1_rule_services highCCI-001941 CCI-001942 IA-2 (8)
The Ubuntu operating system must enforce SSHv2 for network access to all accounts.
| Rule ID | xccdf_pcf.pci.SV-90503r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-001941, CCI-001942, IA-2 (8) |
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a SSH logon and the user must acknowledge the usage conditions and take explicit actions to log on for further access.xccdf_pcf.pci.SV-90505r3_rule_services mediumCCI-000048 AC-8 a
The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a SSH logon and the user must acknowledge the usage conditions and take explicit actions to log on for further access.
| Rule ID | xccdf_pcf.pci.SV-90505r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000048, AC-8 a |
The Ubuntu operating system must not permit direct logons to the root account using remote access via SSH.xccdf_pcf.pci.SV-90507r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not permit direct logons to the root account using remote access via SSH.
| Rule ID | xccdf_pcf.pci.SV-90507r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
Unattended or automatic login via SSH must not be allowed.xccdf_pcf.pci.SV-90513r2_rule_services highCCI-000366 CM-6 b
Unattended or automatic login via SSH must not be allowed.
| Rule ID | xccdf_pcf.pci.SV-90513r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The system must display the date and time of the last successful account logon upon an SSH logon.xccdf_pcf.pci.SV-90515r2_rule_services mediumCCI-000366 CM-6 b
The system must display the date and time of the last successful account logon upon an SSH logon.
| Rule ID | xccdf_pcf.pci.SV-90515r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The SSH public host key files must have mode 0644 or less permissive.xccdf_pcf.pci.SV-90523r2_rule_services mediumCCI-000366 CM-6 b
The SSH public host key files must have mode 0644 or less permissive.
| Rule ID | xccdf_pcf.pci.SV-90523r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The SSH private host key files must have mode 0600 or less permissive.xccdf_pcf.pci.SV-90525r2_rule_services mediumCCI-000366 CM-6 b
The SSH private host key files must have mode 0600 or less permissive.
| Rule ID | xccdf_pcf.pci.SV-90525r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The SSH daemon must perform strict mode checking of home directory configuration files.xccdf_pcf.pci.SV-90527r2_rule_services mediumCCI-000366 CM-6 b
The SSH daemon must perform strict mode checking of home directory configuration files.
| Rule ID | xccdf_pcf.pci.SV-90527r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The SSH daemon must use privilege separation.xccdf_pcf.pci.SV-90529r2_rule_services mediumCCI-000366 CM-6 b
The SSH daemon must use privilege separation.
| Rule ID | xccdf_pcf.pci.SV-90529r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:41 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-1_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
| Rule ID | xccdf_pcf.pci.SV-90537r1-1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8 |
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-2_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
| Rule ID | xccdf_pcf.pci.SV-90537r1-2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8 |
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-3_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
| Rule ID | xccdf_pcf.pci.SV-90537r1-3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8 |
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.xccdf_pcf.pci.SV-90537r1-4_rule_services highCCI-002418 CCI-002420 CCI-002421 CCI-002422 SC-8
All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
| Rule ID | xccdf_pcf.pci.SV-90537r1-4_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-002418, CCI-002420, CCI-002421, CCI-002422, SC-8 |
All remote access methods must be monitored.xccdf_pcf.pci.SV-90543r2_rule_services mediumCCI-000067 AC-17 (1)
All remote access methods must be monitored.
| Rule ID | xccdf_pcf.pci.SV-90543r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000067, AC-17 (1) |
Cron logging must be implemented.xccdf_pcf.pci.SV-90545r2_rule_services mediumCCI-000366 CM-6 b
Cron logging must be implemented.
| Rule ID | xccdf_pcf.pci.SV-90545r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must be configured to use TCP syncookies.xccdf_pcf.pci.SV-90549r2_rule_services mediumCCI-001095 SC-5 (2)
The Ubuntu operating system must be configured to use TCP syncookies.
| Rule ID | xccdf_pcf.pci.SV-90549r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-001095, SC-5 (2) |
For Ubuntu operating systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured.xccdf_pcf.pci.SV-90551r2_rule_services lowCCI-000366 CM-6 b
For Ubuntu operating systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured.
| Rule ID | xccdf_pcf.pci.SV-90551r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | low |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.xccdf_pcf.pci.SV-90553r3_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.
| Rule ID | xccdf_pcf.pci.SV-90553r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.xccdf_pcf.pci.SV-90555r3_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.
| Rule ID | xccdf_pcf.pci.SV-90555r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.xccdf_pcf.pci.SV-90557r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
| Rule ID | xccdf_pcf.pci.SV-90557r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.xccdf_pcf.pci.SV-90559r3_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.
| Rule ID | xccdf_pcf.pci.SV-90559r3_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.xccdf_pcf.pci.SV-90561r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.
| Rule ID | xccdf_pcf.pci.SV-90561r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must not allow interfaces to perform Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects by default.xccdf_pcf.pci.SV-90563r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not allow interfaces to perform Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects by default.
| Rule ID | xccdf_pcf.pci.SV-90563r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.xccdf_pcf.pci.SV-90565r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.
| Rule ID | xccdf_pcf.pci.SV-90565r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must not be performing packet forwarding unless the system is a router.xccdf_pcf.pci.SV-90567r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must not be performing packet forwarding unless the system is a router.
| Rule ID | xccdf_pcf.pci.SV-90567r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
Network interfaces must not be in promiscuous mode.xccdf_pcf.pci.SV-90569r2_rule_services mediumCCI-000366 CM-6 b
Network interfaces must not be in promiscuous mode.
| Rule ID | xccdf_pcf.pci.SV-90569r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Ubuntu operating system must be configured to prevent unrestricted mail relaying.xccdf_pcf.pci.SV-90571r2_rule_services mediumCCI-000366 CM-6 b
The Ubuntu operating system must be configured to prevent unrestricted mail relaying.
| Rule ID | xccdf_pcf.pci.SV-90571r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.xccdf_pcf.pci.SV-90573r2_rule_services mediumCCI-000139 AU-5 a
The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.
| Rule ID | xccdf_pcf.pci.SV-90573r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000139, AU-5 a |
A File Transfer Protocol (FTP) server package must not be installed unless needed.xccdf_pcf.pci.SV-90575r1_rule_services highCCI-000366 CM-6 b
A File Transfer Protocol (FTP) server package must not be installed unless needed.
| Rule ID | xccdf_pcf.pci.SV-90575r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:42 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for operational support.xccdf_pcf.pci.SV-90577r2_rule_services highCCI-000318 CCI-000368 CCI-001812 CCI-001813 CCI-001814 CM-6 b
The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for operational support.
| Rule ID | xccdf_pcf.pci.SV-90577r2_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:43 |
| Severity | high |
| Identifiers and References | Identifiers: CCI-000318, CCI-000368, CCI-001812, CCI-001813, CCI-001814, CM-6 b |
If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.xccdf_pcf.pci.SV-90579r1_rule_services mediumCCI-000366 CM-6 b
If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.
| Rule ID | xccdf_pcf.pci.SV-90579r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:43 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |
An X Windows display manager must not be installed unless approved.xccdf_pcf.pci.SV-90581r1_rule_services mediumCCI-000366 CM-6 b
An X Windows display manager must not be installed unless approved.
| Rule ID | xccdf_pcf.pci.SV-90581r1_rule_services |
| Result |
pass
|
| Time | 2020-05-05T17:46:43 |
| Severity | medium |
| Identifiers and References | Identifiers: CCI-000366, CM-6 b |