STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

The Ubuntu operating system must initiate session audits at system startup.

DISA Rule

SV-219149r610963_rule

Vulnerability Number

V-219149

Group Title

SRG-OS-000254-GPOS-00095

Rule Version

UBTU-18-010002

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to produce audit records at system startup.

Edit the /etc/default/grub file and add "audit=1" to the GRUB_CMDLINE_LINUX option.

To update the grub config file, run:

sudo update-grub

Check Contents

Verify the Ubuntu operating system enables auditing at system startup.

Check that auditing is enabled in grub with the following command:

grep "^\s*linux" /boot/grub/grub.cfg

linux /vmlinuz-4.15.0-55-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash $vt_handoff audit=1
linux /vmlinuz-4.15.0-55-generic root=/dev/mapper/ubuntu--vg-root ro recovery nomodeset audit=1

If any linux lines do not contain "audit=1", this is a finding.
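
The check above, written as a shell function (an added example, not part of the STIG text). The names check_grub_audit and demo_grub_audit and the return codes are assumptions of this example; parameters are compared as whole tokens, so audit=0 or audit=10 is not accepted as audit=1.

```shell
#!/bin/sh
# check_grub_audit [FILE]
#   Prints every kernel ("linux") line of FILE that lacks audit=1.
#   Returns 0 = no finding, 1 = finding, 2 = file unreadable or no linux lines.
check_grub_audit() {
    cfg=${1:-/boot/grub/grub.cfg}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    awk '
        # Same selection as the grep in the check: lines that start with "linux"
        /^[ \t]*linux/ {
            total++
            ok = 0
            # Compare whole fields so audit=0, audit=10 or noaudit=1 do not pass
            for (i = 2; i <= NF; i++) if ($i == "audit=1") ok = 1
            if (!ok) { missing++; printf "%d: %s\n", NR, $0 }
        }
        END {
            if (total == 0) exit 2      # nothing to evaluate: treat as an error
            exit (missing > 0 ? 1 : 0)
        }
    ' "$cfg"
}

# Constructed sample (not from a real system): the recovery entry has audit=0.
demo_grub_audit() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
    linux /vmlinuz-4.15.0-55-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash $vt_handoff audit=1
    linux /vmlinuz-4.15.0-55-generic root=/dev/mapper/ubuntu--vg-root ro recovery nomodeset audit=0
EOF
    check_grub_audit "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Calling check_grub_audit with no argument evaluates /boot/grub/grub.cfg; demo_grub_audit runs it against the constructed sample and returns 1.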

Documentable

False

Severity Override Guidance

Verify the Ubuntu operating system enables auditing at system startup.

Check that auditing is enabled in grub with the following command:

grep "^\s*linux" /boot/grub/grub.cfg

linux /vmlinuz-4.15.0-55-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash $vt_handoff audit=1
linux /vmlinuz-4.15.0-55-generic root=/dev/mapper/ubuntu--vg-root ro recovery nomodeset audit=1

If any linux lines do not contain "audit=1", this is a finding.

Check Content Reference

M

Target Key

4055