From 07ce16ab574f86a74a568f3e3a5866fa7d93b8dd Mon Sep 17 00:00:00 2001 
From: Miha Purg Date: Tue, 2 Apr 2024 13:00:44 +0200 Subject: [PATCH] Initial draft version of STIG V1R1 profile for Ubuntu 22.04 LTS Based on Ubuntu 20.04 STIG profile. --- .../rule.yml | 1 + .../base/service_kdump_disabled/rule.yml | 1 + .../package_telnetd_removed/rule.yml | 1 + .../ntp/chronyd_or_ntpd_set_maxpoll/rule.yml | 1 + .../services/ntp/chronyd_sync_clock/rule.yml | 1 + .../ntp/package_chrony_installed/rule.yml | 1 + .../package_rsh-server_removed/rule.yml | 1 + .../package_openssh-server_installed/rule.yml | 1 + .../ssh/service_sshd_enabled/rule.yml | 1 + .../sshd_disable_empty_passwords/rule.yml | 1 + .../sshd_disable_x11_forwarding/rule.yml | 1 + .../sshd_do_not_permit_user_env/rule.yml | 1 + .../ssh/ssh_server/sshd_enable_pam/rule.yml | 1 + .../sshd_enable_pubkey_auth/rule.yml | 1 + .../sshd_enable_warning_banner_net/rule.yml | 1 + .../ssh_server/sshd_set_idle_timeout/rule.yml | 1 + .../ssh_server/sshd_set_keepalive/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../sshd_x11_use_localhost/rule.yml | 1 + .../sssd_offline_cred_expiration/rule.yml | 1 + .../banner_etc_issue_net/rule.yml | 1 + .../dconf_gnome_banner_enabled/rule.yml | 1 + .../dconf_gnome_login_banner_text/rule.yml | 1 + .../display_login_attempts/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../accounts_passwords_pam_tally2/rule.yml | 1 + .../package_pam_pwquality_installed/rule.yml | 1 + .../accounts_password_pam_dcredit/rule.yml | 1 + .../accounts_password_pam_dictcheck/rule.yml | 1 + .../accounts_password_pam_difok/rule.yml | 1 + .../accounts_password_pam_enforcing/rule.yml | 1 + .../accounts_password_pam_lcredit/rule.yml | 1 + .../accounts_password_pam_minlen/rule.yml | 1 + .../accounts_password_pam_ocredit/rule.yml | 1 + .../accounts_password_pam_retry/rule.yml | 1 + .../accounts_password_pam_ucredit/rule.yml | 1 + .../rule.yml | 1 + 
.../disable_ctrlaltdel_burstaction/rule.yml | 1 + .../disable_ctrlaltdel_reboot/rule.yml | 1 + .../vlock_installed/rule.yml | 1 + .../install_smartcard_packages/rule.yml | 1 + .../package_opensc_installed/rule.yml | 1 + .../smartcard_configure_ca/rule.yml | 1 + .../rule.yml | 1 + .../smartcard_configure_crl/rule.yml | 1 + .../smartcard_pam_enabled/rule.yml | 1 + .../verify_use_mappers/rule.yml | 1 + .../rule.yml | 1 + .../account_temp_expire_date/rule.yml | 1 + .../rule.yml | 1 + .../accounts_maximum_age_login_defs/rule.yml | 1 + .../accounts_minimum_age_login_defs/rule.yml | 1 + .../ensure_sudo_group_restricted/rule.yml | 1 + .../no_duplicate_uids/rule.yml | 1 + .../no_empty_passwords/rule.yml | 1 + .../no_empty_passwords_etc_shadow/rule.yml | 1 + .../prevent_direct_root_logins/rule.yml | 1 + .../rule.yml | 1 + .../accounts-session/accounts_tmout/rule.yml | 1 + .../accounts_umask_etc_login_defs/rule.yml | 1 + .../apparmor/apparmor_configured/rule.yml | 1 + .../package_apparmor_installed/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../audit_rules_execution_chacl/rule.yml | 1 + .../audit_rules_execution_setfacl/rule.yml | 1 + .../audit_rules_execution_chcon/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../audit_rules_login_events_faillog/rule.yml | 1 + .../audit_rules_login_events_lastlog/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../audit_rules_session_events_btmp/rule.yml | 1 + .../audit_rules_session_events_utmp/rule.yml | 1 + 
.../audit_rules_session_events_wtmp/rule.yml | 1 + .../audit_rules_sudoers/rule.yml | 1 + .../audit_rules_sudoers_d/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../audit_sudo_log_events/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../file_permissions_var_log_audit/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../auditd_data_disk_full_action/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../auditd_offload_logs/rule.yml | 1 + .../auditing/grub2_audit_argument/rule.yml | 1 + .../rule.yml | 1 + .../auditing/package_audit_installed/rule.yml | 1 + .../auditing/service_auditd_enabled/rule.yml | 2 + .../non-uefi/grub2_password/rule.yml | 1 + .../uefi/grub2_uefi_password/rule.yml | 1 + .../rsyslog_remote_access_monitoring/rule.yml | 1 + .../ensure_rtc_utc_configuration/rule.yml | 1 + .../logging/service_rsyslog_enabled/rule.yml | 1 + .../sysctl_net_ipv4_tcp_syncookies/rule.yml | 1 + .../package_ufw_installed/rule.yml | 1 + .../network-ufw/service_ufw_enabled/rule.yml | 1 + .../ufw_only_required_services/rule.yml | 1 + .../network-ufw/ufw_rate_limit/rule.yml | 1 + .../wireless_disable_interfaces/rule.yml | 1 + .../network_ssl/only_allow_dod_certs/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../files/permissions_local_var_log/rule.yml | 1 + .../file_groupowner_var_log/rule.yml | 1 + .../file_groupowner_var_log_syslog/rule.yml | 1 + .../file_owner_var_log/rule.yml | 1 + .../file_owner_var_log_syslog/rule.yml | 1 + .../file_permissions_var_log/rule.yml | 1 + .../file_permissions_var_log_syslog/rule.yml | 1 + .../dir_group_ownership_library_dirs/rule.yml | 1 + .../dir_groupownership_binary_dirs/rule.yml | 1 + .../dir_ownership_binary_dirs/rule.yml | 1 + .../dir_ownership_library_dirs/rule.yml | 1 + .../dir_permissions_binary_dirs/rule.yml | 1 + .../rule.yml | 1 + 
.../file_ownership_audit_binaries/rule.yml | 1 + .../file_ownership_binary_dirs/rule.yml | 1 + .../file_ownership_library_dirs/rule.yml | 1 + .../file_permissions_audit_binaries/rule.yml | 1 + .../file_permissions_binary_dirs/rule.yml | 1 + .../file_permissions_library_dirs/rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../sysctl_kernel_randomize_va_space/rule.yml | 1 + .../rule.yml | 1 + .../sysctl_kernel_dmesg_restrict/rule.yml | 1 + .../encrypt_partitions/rule.yml | 1 + .../enable_dconf_user_profile/bash/shared.sh | 2 +- .../enable_dconf_user_profile/oval/shared.xml | 2 +- .../gnome/enable_dconf_user_profile/rule.yml | 5 +- .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../rule.yml | 1 + .../package_mcafeetp_installed/rule.yml | 1 + .../fips/is_fips_mode_enabled/rule.yml | 1 + .../aide/aide_build_database/rule.yml | 1 + .../aide/aide_check_audit_tools/rule.yml | 1 + .../aide/aide_disable_silentreports/rule.yml | 1 + .../aide/aide_periodic_cron_checking/rule.yml | 1 + .../aide/package_aide_installed/rule.yml | 1 + .../sudo/sudo_require_authentication/rule.yml | 1 + .../clean_components_post_updating/rule.yml | 1 + products/ubuntu2204/profiles/stig.profile | 671 ++++++++++++++++++ 194 files changed, 867 insertions(+), 4 deletions(-) create mode 100644 products/ubuntu2204/profiles/stig.profile
diff --git a/linux_os/guide/services/apt/apt_conf_disallow_unauthenticated/rule.yml b/linux_os/guide/services/apt/apt_conf_disallow_unauthenticated/rule.yml
index 74bfc04a124..ad355cf4e9c 100644
--- a/linux_os/guide/services/apt/apt_conf_disallow_unauthenticated/rule.yml
+++ b/linux_os/guide/services/apt/apt_conf_disallow_unauthenticated/rule.yml
@@ -14,3 +14,4 @@ severity: unknown
 references:
 stigid@ubuntu2004: UBTU-20-010438
+ stigid@ubuntu2204: UBTU-22-214010
diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
index 43abd89064f..0de34242577 100644
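Review bot: The rule that gains `stigid@ubuntu2204: UBTU-22-214010` in apt_conf_disallow_unauthenticated/rule.yml still carries `severity: unknown` (shown on the hunk's `@@` line), so once the 22.04 STIG profile selects it, results for this item are reported without a usable severity. Refusing unauthenticated packages is a supply-chain control, and triage tooling commonly sorts or filters findings by severity. I would set the field in the same commit, `severity: <category the STIG assigns to this item>`, rather than leave it for a follow-up.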
--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml +++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml @@ -44,6 +44,7 @@ references: stigid@sle12: SLES-12-010840 stigid@sle15: SLES-15-040190 stigid@ubuntu2004: UBTU-20-010413 + stigid@ubuntu2204: UBTU-22-213015 ocil_clause: |- {{{ ocil_clause_service_disabled(service="kdump") }}} diff --git a/linux_os/guide/services/deprecated/package_telnetd_removed/rule.yml b/linux_os/guide/services/deprecated/package_telnetd_removed/rule.yml index 6272e631571..662b94bc81a 100644 --- a/linux_os/guide/services/deprecated/package_telnetd_removed/rule.yml +++ b/linux_os/guide/services/deprecated/package_telnetd_removed/rule.yml @@ -25,6 +25,7 @@ references: nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4 stigid@ubuntu2004: UBTU-20-010405 + stigid@ubuntu2204: UBTU-22-215035 template: name: package_removed diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml index 0a25263b6ac..750b51871f4 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml @@ -98,6 +98,7 @@ references: stigid@sle12: SLES-12-030300 stigid@sle15: SLES-15-010400 stigid@ubuntu2004: UBTU-20-010435 + stigid@ubuntu2204: UBTU-22-252010 ocil_clause: '"maxpoll" has not been set to the value of "{{{ xccdf_value("var_time_service_set_maxpoll") }}}", is commented out, or is missing' diff --git a/linux_os/guide/services/ntp/chronyd_sync_clock/rule.yml b/linux_os/guide/services/ntp/chronyd_sync_clock/rule.yml index ea13d3b22c8..2366d10bcfb 100644 --- a/linux_os/guide/services/ntp/chronyd_sync_clock/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_sync_clock/rule.yml @@ -20,6 +20,7 @@ references: disa: CCI-002046 srg: SRG-OS-000356-GPOS-00144 stigid@ubuntu2004: UBTU-20-010436 + stigid@ubuntu2204: UBTU-22-252015 ocil_clause: '' 
diff --git a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml index 70d2084d15d..694b47eb1b4 100644 --- a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml +++ b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml @@ -34,6 +34,7 @@ references: pcidss: Req-10.4 srg: SRG-OS-000355-GPOS-00143 stigid@ubuntu2004: UBTU-20-010435 + stigid@ubuntu2204: UBTU-22-215015 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml index a6bf08a6813..ada9d165323 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml @@ -39,6 +39,7 @@ references: stigid@rhel7: RHEL-07-020000 stigid@rhel8: RHEL-08-040010 stigid@ubuntu2004: UBTU-20-010406 + stigid@ubuntu2204: UBTU-22-215030 {{{ complete_ocil_entry_package(package="rsh-server") }}} diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml index 98477336174..2fbdd219a10 100644 --- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml +++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml @@ -33,6 +33,7 @@ references: stigid@rhel7: RHEL-07-040300 stigid@rhel8: RHEL-08-040159 stigid@ubuntu2004: UBTU-20-010042 + stigid@ubuntu2204: UBTU-22-255010 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml index 2f20d7736f9..9d2f306d5fc 100644 --- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml 
@@ -44,6 +44,7 @@ references: stigid@sle12: SLES-12-030100 stigid@sle15: SLES-15-010530 stigid@ubuntu2004: UBTU-20-010042 + stigid@ubuntu2204: UBTU-22-255015 ocil: |- {{{ ocil_service_enabled(service="sshd") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml index 26e35c7c5b0..64d518cd876 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml @@ -56,6 +56,7 @@ references: stigid@sle12: SLES-12-030150 stigid@sle15: SLES-15-040440 stigid@ubuntu2004: UBTU-20-010047 + stigid@ubuntu2204: UBTU-22-255025 {{{ complete_ocil_entry_sshd_option(default="yes", option="PermitEmptyPasswords", value="no") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml index 8728eeb0874..24eafaade2d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml @@ -46,6 +46,7 @@ references: stigid@rhel8: RHEL-08-040340 stigid@sle15: SLES-15-040290 stigid@ubuntu2004: UBTU-20-010048 + stigid@ubuntu2204: UBTU-22-255040 {{{ complete_ocil_entry_sshd_option(default="yes", option="X11Forwarding", value="no") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml index c29598260d9..b007cf14e06 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml 
@@ -51,6 +51,7 @@ references: stigid@sle12: SLES-12-030151 stigid@sle15: SLES-15-040440 stigid@ubuntu2004: UBTU-20-010047 + stigid@ubuntu2204: UBTU-22-255025 {{{ complete_ocil_entry_sshd_option(default="yes", option="PermitUserEnvironment", value="no") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml index 080e05beaee..a0aefb6fa30 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml @@ -35,6 +35,7 @@ references: disa: CCI-000877 srg: SRG-OS-000125-GPOS-00065 stigid@ubuntu2004: UBTU-20-010035 + stigid@ubuntu2204: UBTU-22-255065 {{{ complete_ocil_entry_sshd_option(default="no", option="UsePAM", value="yes") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml index 23654a9d081..1886cf3867d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml @@ -30,6 +30,7 @@ references: disa: CCI-000765,CCI-000766,CCI-000767,CCI-000768 srg: SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055 stigid@ubuntu2004: UBTU-20-010033 + stigid@ubuntu2204: UBTU-22-612020 {{{ complete_ocil_entry_sshd_option(default="no", option="PubkeyAuthentication", value="yes") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml index 95301fc60c7..f62c3bbf77e 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml 
@@ -43,6 +43,7 @@ references: ospp: FTA_TAB.1 srg: SRG-OS-000023-GPOS-00006,SRG-OS-000228-GPOS-00088 stigid@ubuntu2004: UBTU-20-010038 + stigid@ubuntu2204: UBTU-22-255020 {{{ complete_ocil_entry_sshd_option(default="no", option="Banner", value="/etc/issue.net") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml index 9e9dca3e22f..7f6e1ab9544 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml @@ -62,6 +62,7 @@ references: stigid@sle12: SLES-12-030190 stigid@sle15: SLES-15-010280 stigid@ubuntu2004: UBTU-20-010037 + stigid@ubuntu2204: UBTU-22-255035 requires: {{% if product in ['ubuntu2004', 'ubuntu2204'] %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml index e94e8a6bc74..af753480f98 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml @@ -54,6 +54,7 @@ references: stigid@sle12: SLES-12-030191 stigid@sle15: SLES-15-010320 stigid@ubuntu2004: UBTU-20-010036 + stigid@ubuntu2204: UBTU-22-255030 requires: - sshd_set_idle_timeout diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml index c330a0045d5..7bbbc159320 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml 
@@ -35,6 +35,7 @@ references:
 stigid@rhel7: RHEL-07-040110
 stigid@sle15: SLES-15-010160
 stigid@ubuntu2004: UBTU-20-010044
+ stigid@ubuntu2204: UBTU-22-255050
 ocil_clause: 'FIPS ciphers are not configured or the enabled ciphers are not FIPS-approved'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
index 4173ce47fa2..769f0fe21d5 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
@@ -52,6 +52,7 @@ references:
 stigid@sle12: SLES-12-030270
 stigid@sle15: SLES-15-040450
 stigid@ubuntu2004: UBTU-20-010045
+ stigid@ubuntu2204: UBTU-22-255060
 ocil_clause: 'KexAlgorithms option is commented out, contains non-approved algorithms, or the FIPS-approved algorithms are not in the exact order'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
index b4f05f07979..9a928a10b2e 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
@@ -28,6 +28,7 @@ references:
 stigid@rhel7: RHEL-07-040400
 stigid@sle15: SLES-15-010270
 stigid@ubuntu2004: UBTU-20-010043
+ stigid@ubuntu2204: UBTU-22-255055
 ocil_clause: 'MACs option is commented out or not using FIPS-approved hash algorithms'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
index 509de2a3000..3dba535612a 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
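Review bot: The three `*_ordered_stig` hunks (ciphers `UBTU-22-255050`, kex `UBTU-22-255060`, macs `UBTU-22-255055`) attach the 22.04 IDs to rules that, going by the kex `ocil_clause` ("not in the exact order"), check for an exact ordered algorithm list. Only the reference line changes and the rule bodies lie outside the hunks, so it cannot be confirmed here that the expected lists are the ones the 22.04 STIG text specifies rather than the 20.04 ones. If the lists differ, a host hardened to the 22.04 STIG would fail the check, or remediation would write the older list into sshd_config. Please compare each rule's expected value with the 22.04 check text and, where they differ, make the value product-conditional in the style sshd_set_idle_timeout already uses, `{{% if product in ['ubuntu2004', 'ubuntu2204'] %}}`.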
@@ -41,6 +41,7 @@ references: stigid@rhel8: RHEL-08-040341 stigid@sle12: SLES-12-030261 stigid@ubuntu2004: UBTU-20-010049 + stigid@ubuntu2204: UBTU-22-255045 ocil_clause: "the display proxy is listening on wildcard address" diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml index 97bb894c981..749eacd9910 100644 --- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml @@ -50,6 +50,7 @@ references: stigid@sle12: SLES-12-010680 stigid@sle15: SLES-15-010500 stigid@ubuntu2004: UBTU-20-010441 + stigid@ubuntu2204: UBTU-22-631015 ocil_clause: 'it does not exist or is not configured properly' diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml index 625f8f38fd4..b420a03b002 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml @@ -62,6 +62,7 @@ references: disa: CCI-000048,CCI-001384,CCI-001385,CCI-001386,CCI-001387,CCI-001388 srg: SRG-OS-000023-GPOS-00006,SRG-OS-000228-GPOS-00088 stigid@ubuntu2004: UBTU-20-010038 + stigid@ubuntu2204: UBTU-22-255020 ocil_clause: 'it does not display the required banner' diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml index 330a62f9743..84a4a03485a 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml 
@@ -59,6 +59,7 @@ references: stigid@sle12: SLES-12-010040 stigid@sle15: SLES-15-010080 stigid@ubuntu2004: UBTU-20-010002 + stigid@ubuntu2204: UBTU-22-271010 ocil_clause: 'it is not' diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml index 4ebe3c4e60e..c4653647ca7 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml @@ -63,6 +63,7 @@ references: stigid@sle12: SLES-12-010050 stigid@sle15: SLES-15-010090 stigid@ubuntu2004: UBTU-20-010003 + stigid@ubuntu2204: UBTU-22-271015 ocil_clause: 'it does not' diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml index de75b66b2c6..d897045e3b9 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml @@ -58,6 +58,7 @@ references: stigid@sle12: SLES-12-010390 stigid@sle15: SLES-15-020080 stigid@ubuntu2004: UBTU-20-010453 + stigid@ubuntu2204: UBTU-22-412015 platform: package[pam] diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml index 3a23940ea7c..3b8210eaea5 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml 
@@ -43,6 +43,7 @@ references: srg: SRG-OS-000077-GPOS-00045 stigid@sle15: SLES-15-020250 stigid@ubuntu2004: UBTU-20-010070 + stigid@ubuntu2204: UBTU-22-611050 ocil_clause: 'the value of remember is not equal to or greater than the expected value' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faildelay_delay/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faildelay_delay/rule.yml index 992622447c4..f7a4d51c48a 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faildelay_delay/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faildelay_delay/rule.yml @@ -27,6 +27,7 @@ references: stigid@sle12: SLES-12-010370 stigid@sle15: SLES-15-040010 stigid@ubuntu2004: UBTU-20-010075 + stigid@ubuntu2204: UBTU-22-412010 ocil_clause: 'the value of delay is not set properly or the line is commented or missing' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml index b52b585b4ed..f80717ab290 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml @@ -21,6 +21,7 @@ references: stigid@ol8: OL08-00-020020,OL08-00-020021 stigid@rhel8: RHEL-08-020021 stigid@ubuntu2004: UBTU-20-010072 + stigid@ubuntu2204: UBTU-22-411045 {{% if product == "rhel8" %}} platform: os_linux[rhel]>=8.2 
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml index 9569c5a0057..41fba880482 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml @@ -59,6 +59,7 @@ references: stigid@rhel7: RHEL-07-010320 stigid@rhel8: RHEL-08-020011 stigid@ubuntu2004: UBTU-20-010072 + stigid@ubuntu2204: UBTU-22-411045 platform: package[pam] diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml index d7b53022470..f4e2cc50c93 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml @@ -54,6 +54,7 @@ references: stigid@rhel7: RHEL-07-010320 stigid@rhel8: RHEL-08-020012,RHEL-08-020013 stigid@ubuntu2004: UBTU-20-010072 + stigid@ubuntu2204: UBTU-22-411045 platform: package[pam] diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml index 5e228a5f689..71ca92bfaef 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml 
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml
@@ -31,6 +31,7 @@ references:
 stigid@ol8: OL08-00-020018,OL08-00-020019
 stigid@rhel8: RHEL-08-020018,RHEL-08-020019
 stigid@ubuntu2004: UBTU-20-010072
+ stigid@ubuntu2204: UBTU-22-411045
 ocil_clause: 'the system shows messages when three unsuccessful logon attempts occur'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
index 914fe30aa02..ea9414e6b07 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
@@ -61,6 +61,7 @@ references:
 stigid@rhel7: RHEL-07-010320
 stigid@rhel8: RHEL-08-020014,RHEL-08-020015
 stigid@ubuntu2004: UBTU-20-010072
+ stigid@ubuntu2204: UBTU-22-411045
 platform: package[pam]
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml
index d68d6d3190d..fc33b8af501 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml
@@ -50,6 +50,7 @@ references:
 stigid@sle12: SLES-12-010130
 stigid@sle15: SLES-15-020010
 stigid@ubuntu2004: UBTU-20-010072
+ stigid@ubuntu2204: UBTU-22-411045
 ocil_clause: 'the account option is missing or commented out'
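Review bot: `accounts_passwords_pam_tally2` is given `UBTU-22-411045`, the same ID this patch assigns to the five `accounts_passwords_pam_faillock_*` rules (audit, deny, interval, silent, unlock_time). pam_tally2 and pam_faillock are alternative lockout modules, so mapping one STIG item to both families means anything that selects rules by this ID would check and remediate two mechanisms for a single requirement. The same pairing already exists for `stigid@ubuntu2004: UBTU-20-010072`, so this looks inherited rather than intended; neither the 22.04 check text nor the new stig.profile is visible here. Please confirm which module the 22.04 item names and drop `stigid@ubuntu2204: UBTU-22-411045` from the rule for the other one.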
diff --git a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml index 2ee51cd8826..b510ed9a93a 100644 --- a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml @@ -29,6 +29,7 @@ references: disa: CCI-000366 srg: SRG-OS-000480-GPOS-00225 stigid@ubuntu2004: UBTU-20-010057 + stigid@ubuntu2204: UBTU-22-215010 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml index 3e473f85e85..1aca3efe64f 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml @@ -51,6 +51,7 @@ references: stigid@rhel7: RHEL-07-010140 stigid@rhel8: RHEL-08-020130 stigid@ubuntu2004: UBTU-20-010052 + stigid@ubuntu2204: UBTU-22-611020 ocil_clause: 'the value of "dcredit" is a positive number or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml index e052504e069..1f0b9b186d9 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml 
@@ -32,6 +32,7 @@ references: stigid@ol8: OL08-00-020300 stigid@rhel8: RHEL-08-020300 stigid@ubuntu2004: UBTU-20-010056 + stigid@ubuntu2204: UBTU-22-611030 ocil_clause: '"dictcheck" does not have a value other than "0", or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml index 1a5c40bb4c0..a615793c2c5 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml @@ -49,6 +49,7 @@ references: stigid@rhel7: RHEL-07-010160 stigid@rhel8: RHEL-08-020170 stigid@ubuntu2004: UBTU-20-010053 + stigid@ubuntu2204: UBTU-22-611040 ocil_clause: 'the value of "difok" is set to less than "{{{ xccdf_value("var_password_pam_difok") }}}", or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml index 0b118082955..ef9eba31a61 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml @@ -31,6 +31,7 @@ references: disa: CCI-000366 srg: SRG-OS-000480-GPOS-00225 stigid@ubuntu2004: UBTU-20-010057 + stigid@ubuntu2204: UBTU-22-611045 ocil_clause: 'enforcing is not uncommented or configured correctly' 
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml index c3a1e6c6d09..9f4b51c3ba4 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml @@ -51,6 +51,7 @@ references: stigid@rhel7: RHEL-07-010130 stigid@rhel8: RHEL-08-020120 stigid@ubuntu2004: UBTU-20-010051 + stigid@ubuntu2204: UBTU-22-611015 ocil_clause: 'the value of "lcredit" is a positive number or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml index a96628d62ec..30512ca7e7b 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml @@ -51,6 +51,7 @@ references: stigid@rhel7: RHEL-07-010280 stigid@rhel8: RHEL-08-020230 stigid@ubuntu2004: UBTU-20-010054 + stigid@ubuntu2204: UBTU-22-611035 ocil_clause: 'the command does not return a "minlen" value of "{{{ xccdf_value("var_password_pam_minlen") }}}" or greater, does not return a line, or the line is commented out' 
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml index 65e3b071510..129e683c9cb 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml @@ -52,6 +52,7 @@ references: stigid@rhel7: RHEL-07-010150 stigid@rhel8: RHEL-08-020280 stigid@ubuntu2004: UBTU-20-010055 + stigid@ubuntu2204: UBTU-22-611025 ocil_clause: 'value of "ocredit" is a positive number or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml index 1a64bc73be7..411a67363a4 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml @@ -51,6 +51,7 @@ references: stigid@rhel7: RHEL-07-010119 stigid@rhel8: RHEL-08-020104 stigid@ubuntu2004: UBTU-20-010057 + stigid@ubuntu2204: UBTU-22-611045 ocil_clause: 'the value of "retry" is set to "0" or greater than "{{{ xccdf_value("var_password_pam_retry") }}}", or is missing' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml index 124bfe82256..eddf5c0222b 100644 
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml @@ -48,6 +48,7 @@ references: stigid@rhel7: RHEL-07-010120 stigid@rhel8: RHEL-08-020110 stigid@ubuntu2004: UBTU-20-010050 + stigid@ubuntu2204: UBTU-22-611010 ocil_clause: 'the value of "ucredit" is a positive number or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml index 57888da0373..355df7fb0f7 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml @@ -48,6 +48,7 @@ references: stigid@sle12: SLES-12-010210 stigid@sle15: SLES-15-010260 stigid@ubuntu2004: UBTU-20-010404 + stigid@ubuntu2204: UBTU-22-611070 ocil_clause: 'ENCRYPT_METHOD is not set to {{{ xccdf_value("var_password_hashing_algorithm") }}}' diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml index 690c52aa04a..beb9c695d63 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml 
@@ -74,6 +74,7 @@ references: stigid@rhel8: RHEL-08-040172 stigid@sle15: SLES-15-040062 stigid@ubuntu2004: UBTU-20-010460 + stigid@ubuntu2204: UBTU-22-211015 ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed more than 7 times in 2 seconds.' diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml index 51c13e050da..026b64da094 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml @@ -80,6 +80,7 @@ references: stigid@sle12: SLES-12-010610 stigid@sle15: SLES-15-040060 stigid@ubuntu2004: UBTU-20-010460 + stigid@ubuntu2204: UBTU-22-211015 ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/vlock_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/vlock_installed/rule.yml index 8a844773f64..0aa51081b17 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/vlock_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/vlock_installed/rule.yml @@ -40,6 +40,7 @@ references: stigid@sle12: SLES-12-010070 stigid@sle15: SLES-15-010110 stigid@ubuntu2004: UBTU-20-010005 + stigid@ubuntu2204: UBTU-22-412025 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml index 4a588977f83..7514548867e 100644 
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml @@ -57,6 +57,7 @@ references: stigid@sle12: SLES-12-030500 stigid@sle15: SLES-15-010460 stigid@ubuntu2004: UBTU-20-010063 + stigid@ubuntu2204: UBTU-22-612010 ocil_clause: 'smartcard software is not installed' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml index dc7ab761ac1..2d9860b0d5d 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml @@ -37,6 +37,7 @@ references: stigid@ol8: OL08-00-010410 stigid@rhel8: RHEL-08-010410 stigid@ubuntu2004: UBTU-20-010064 + stigid@ubuntu2204: UBTU-22-612015 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml index 9bcc1d4a345..b1901a0eae9 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml @@ -34,6 +34,7 @@ references: stigid@sle12: SLES-12-030530 stigid@sle15: SLES-15-010170 stigid@ubuntu2004: UBTU-20-010060 + stigid@ubuntu2204: UBTU-22-612030 ocil_clause: 'ca is not configured' 
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml index c8d2bfcbd0e..4b480258dbf 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml @@ -40,6 +40,7 @@ references: stigid@sle12: SLES-12-030510 stigid@sle15: SLES-15-010470 stigid@ubuntu2004: UBTU-20-010065 + stigid@ubuntu2204: UBTU-22-612025 ocil_clause: 'ocsp_on is not configured' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_crl/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_crl/rule.yml index 4a9364f828e..0252df7b2d8 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_crl/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_crl/rule.yml @@ -22,6 +22,7 @@ references: disa: CCI-001991 srg: SRG-OS-000384-GPOS-00167 stigid@ubuntu2004: UBTU-20-010066 + stigid@ubuntu2204: UBTU-22-612035 ocil_clause: 'crl_auto or crl_offline is not configured' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_pam_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_pam_enabled/rule.yml index 3a6e138f34c..088a2dc4a29 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_pam_enabled/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_pam_enabled/rule.yml 
@@ -61,6 +61,7 @@ references: stigid@sle12: SLES-12-030520 stigid@sle15: SLES-15-020030 stigid@ubuntu2004: UBTU-20-010033 + stigid@ubuntu2204: UBTU-22-612020 ocil_clause: 'non-exempt accounts are not using CAC authentication' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/verify_use_mappers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/verify_use_mappers/rule.yml index 441ca0db143..6308c5da8fb 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/verify_use_mappers/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/verify_use_mappers/rule.yml @@ -25,6 +25,7 @@ references: disa: CCI-000187 srg: SRG-OS-000068-GPOS-00036 stigid@ubuntu2004: UBTU-20-010006 + stigid@ubuntu2204: UBTU-22-612040 ocil_clause: 'use_mappers is not uncommented or configured correctly' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml index 4b17ec21627..c59420812c7 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml @@ -56,6 +56,7 @@ references: stigid@sle12: SLES-12-010340 stigid@sle15: SLES-15-020050 stigid@ubuntu2004: UBTU-20-010409 + stigid@ubuntu2204: UBTU-22-411035 ocil_clause: 'the value of INACTIVE is greater than the expected value or is -1' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml index 2344d1e9e2d..306dd9bae18 100644 
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml @@ -49,6 +49,7 @@ references: stigid@sle12: SLES-12-010331 stigid@sle15: SLES-15-020061 stigid@ubuntu2004: UBTU-20-010000 + stigid@ubuntu2204: UBTU-22-411040 ocil_clause: 'any temporary accounts have no expiration date set or do not expire within 72 hours' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/policy_temp_passwords_immediate_change/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/policy_temp_passwords_immediate_change/rule.yml index 82c6939be47..0a45178d12e 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/policy_temp_passwords_immediate_change/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/policy_temp_passwords_immediate_change/rule.yml @@ -34,6 +34,7 @@ references: srg: SRG-OS-000380-GPOS-00165 stigid@sle12: SLES-12-010660 stigid@ubuntu2004: UBTU-20-010440 + stigid@ubuntu2204: UBTU-22-411020 ocil_clause: 'any temporary or emergency accounts have no expiration date set or do not expire within a documented time frame' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml index ad3af5b010e..a3ec2a58d1b 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml 
@@ -56,6 +56,7 @@ references: stigid@sle12: SLES-12-010280 stigid@sle15: SLES-15-020220 stigid@ubuntu2004: UBTU-20-010008 + stigid@ubuntu2204: UBTU-22-411030 ocil_clause: 'the "PASS_MAX_DAYS" parameter value is greater than "{{{ xccdf_value("var_accounts_maximum_age_login_defs") }}}", or commented out' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml index 5c4a7524815..c9d5bd990aa 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml @@ -55,6 +55,7 @@ references: stigid@sle12: SLES-12-010260 stigid@sle15: SLES-15-020200 stigid@ubuntu2004: UBTU-20-010007 + stigid@ubuntu2204: UBTU-22-411025 ocil_clause: 'the "PASS_MIN_DAYS" parameter value is not "{{{ xccdf_value("var_accounts_minimum_age_login_defs") }}}" or greater, or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/ensure_sudo_group_restricted/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/ensure_sudo_group_restricted/rule.yml index b20a74c0c98..a9c25bf560f 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/ensure_sudo_group_restricted/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/ensure_sudo_group_restricted/rule.yml @@ -24,6 +24,7 @@ references: disa: CCI-001084 srg: SRG-OS-000134-GPOS-00068 stigid@ubuntu2004: UBTU-20-010012 + stigid@ubuntu2204: UBTU-22-432015 warnings: - general: |- 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_duplicate_uids/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_duplicate_uids/rule.yml index 4b529d453c7..8f53d94cde0 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_duplicate_uids/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_duplicate_uids/rule.yml @@ -20,6 +20,7 @@ references: disa: CCI-000764,CCI-000804 srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062 stigid@ubuntu2004: UBTU-20-010010 + stigid@ubuntu2204: UBTU-22-411015 warnings: - general: |- diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml index 67e71a6d943..d229eaf54e6 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml @@ -57,6 +57,7 @@ references: stigid@sle12: SLES-12-010231 stigid@sle15: SLES-15-020300 stigid@ubuntu2004: UBTU-20-010463 + stigid@ubuntu2204: UBTU-22-611060 ocil_clause: 'NULL passwords can be used' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml index 524bcbf8a7f..db95513ea22 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml 
@@ -42,6 +42,7 @@ references: stigid@sle12: SLES-12-010221 stigid@sle15: SLES-15-020181 stigid@ubuntu2004: UBTU-20-010462 + stigid@ubuntu2204: UBTU-22-611065 ocil_clause: 'Blank or NULL passwords can be used' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/prevent_direct_root_logins/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/prevent_direct_root_logins/rule.yml index 37c970c0b1e..9213913bac3 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/prevent_direct_root_logins/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/prevent_direct_root_logins/rule.yml @@ -18,6 +18,7 @@ references: disa: CCI-000770 srg: SRG-OS-000109-GPOS-00056 stigid@ubuntu2004: UBTU-20-010408 + stigid@ubuntu2204: UBTU-22-411010 ocil_clause: 'the output does not contain "L" in the second field' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml index 238a4c35bc1..81984dbae44 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml @@ -43,6 +43,7 @@ references: stigid@sle12: SLES-12-010120 stigid@sle15: SLES-15-020020 stigid@ubuntu2004: UBTU-20-010400 + stigid@ubuntu2204: UBTU-22-412020 ocil_clause: |- the "maxlogins" item is missing, commented out, or the value is set greater diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml index 760a61e5eb5..fe052c8c50d 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml 
@@ -67,6 +67,7 @@ references: stigid@sle12: SLES-12-010090 stigid@sle15: SLES-15-010130 stigid@ubuntu2004: UBTU-20-010013 + stigid@ubuntu2204: UBTU-22-412030 ocil_clause: 'value of TMOUT is not less than or equal to expected setting' diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml index 9cf8c4c2033..09d630e535b 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml @@ -43,6 +43,7 @@ references: stigid@sle12: SLES-12-010620 stigid@sle15: SLES-15-040420 stigid@ubuntu2004: UBTU-20-010016 + stigid@ubuntu2204: UBTU-22-412035 ocil_clause: 'the value for the "UMASK" parameter is not "{{{ xccdf_value("var_accounts_user_umask") }}}", or the "UMASK" parameter is missing or is commented out' diff --git a/linux_os/guide/system/apparmor/apparmor_configured/rule.yml b/linux_os/guide/system/apparmor/apparmor_configured/rule.yml index 129ed48e4c7..6ae8fd79f25 100644 --- a/linux_os/guide/system/apparmor/apparmor_configured/rule.yml +++ b/linux_os/guide/system/apparmor/apparmor_configured/rule.yml @@ -47,6 +47,7 @@ references: stigid@sle12: SLES-12-010600 stigid@sle15: SLES-15-010390 stigid@ubuntu2004: UBTU-20-010439 + stigid@ubuntu2204: UBTU-22-431015 ocil_clause: 'it is not' diff --git a/linux_os/guide/system/apparmor/package_apparmor_installed/rule.yml b/linux_os/guide/system/apparmor/package_apparmor_installed/rule.yml index 63f826742a6..702490af751 100644 --- a/linux_os/guide/system/apparmor/package_apparmor_installed/rule.yml +++ b/linux_os/guide/system/apparmor/package_apparmor_installed/rule.yml 
@@ -17,6 +17,7 @@ references: disa: CCI-001764,CCI-001774,CCI-002165,CCI-002235 srg: SRG-OS-000368-GPOS-00154,SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000312-GPOS-00124,SRG-OS-000324-GPOS-00125,SRG-OS-000370-GPOS-00155 stigid@ubuntu2004: UBTU-20-010439 + stigid@ubuntu2204: UBTU-22-431010 template: name: package_installed diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml index 34c180fd0b8..db2e7a83e4f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml @@ -64,6 +64,7 @@ references: stigid@sle12: SLES-12-020460 stigid@sle15: SLES-15-030290 stigid@ubuntu2004: UBTU-20-010152 + stigid@ubuntu2204: UBTU-22-654155 ocil_clause: 'the system is not configured to audit permission changes' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml index 7cc808a5c3b..6f99c1785ad 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml @@ -64,6 +64,7 @@ references: stigid@sle12: SLES-12-020420 stigid@sle15: SLES-15-030250 stigid@ubuntu2004: UBTU-20-010148 + stigid@ubuntu2204: UBTU-22-654160 {{{ complete_ocil_entry_audit_syscall(syscall="chown") }}} 
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml index 335f15e7968..c46dc6dd0bc 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml @@ -73,6 +73,7 @@ references: stigid@sle12: SLES-12-020370 stigid@sle15: SLES-15-030190 stigid@ubuntu2004: UBTU-20-010142 + stigid@ubuntu2204: UBTU-22-654180 {{{ complete_ocil_entry_audit_syscall(syscall="setxattr") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml index 2eff921f000..d303fe34779 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml @@ -42,6 +42,7 @@ references: stigid@sle12: SLES-12-020620 stigid@sle15: SLES-15-030440 stigid@ubuntu2004: UBTU-20-010168 + stigid@ubuntu2204: UBTU-22-654015 {{{ ocil_fix_srg_privileged_command("chacl", "/usr/bin/", "perm_mod") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml index 7ef8c41133c..aa8c37418f6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml 
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml @@ -41,6 +41,7 @@ references: stigid@sle12: SLES-12-020610 stigid@sle15: SLES-15-030430 stigid@ubuntu2004: UBTU-20-010167 + stigid@ubuntu2204: UBTU-22-654085 {{{ ocil_fix_srg_privileged_command("setfacl", "/usr/bin/", "perm_mod") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml index f7b9d43a09a..b88b106a4cd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml @@ -64,6 +64,7 @@ references: stigid@sle12: SLES-12-020630 stigid@sle15: SLES-15-030450 stigid@ubuntu2004: UBTU-20-010165 + stigid@ubuntu2204: UBTU-22-654025 {{{ ocil_fix_srg_privileged_command("chcon", "/usr/bin/", "perm_mod") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml index 52fedb30cd2..2a241af6da8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml @@ -57,6 +57,7 @@ references: stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 {{{ complete_ocil_entry_audit_syscall(syscall="rename") }}} 
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml index d82ff5fa4b6..ff84c8242c1 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml @@ -54,6 +54,7 @@ references: stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 {{{ complete_ocil_entry_audit_syscall(syscall="renameat") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml index a6f1fc6deb1..3842c23b7b6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml @@ -53,6 +53,7 @@ references: stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml index e2de0922294..c94560c087a 100644 
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml @@ -57,6 +57,7 @@ references: stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 {{{ complete_ocil_entry_audit_syscall(syscall="unlink") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml index a29461c03f6..99ff347bef6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml @@ -54,6 +54,7 @@ references: stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 {{{ complete_ocil_entry_audit_syscall(syscall="unlinkat") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml index 995220254f0..276fb267dfd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml 
@@ -71,6 +71,7 @@ references:
 stigid@sle12: SLES-12-020490
 stigid@sle15: SLES-15-030150
 stigid@ubuntu2004: UBTU-20-010155
+ stigid@ubuntu2204: UBTU-22-654165
 ocil: |-
 {{{ ocil_audit_rules_unsuccessful_file_modification("open", "access") | indent(4) }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
index 53ff9fbccf7..b0455540c55 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
@@ -60,6 +60,7 @@ references:
 stigid@sle12: SLES-12-020730
 stigid@sle15: SLES-15-030520
 stigid@ubuntu2004: UBTU-20-010181
+ stigid@ubuntu2204: UBTU-22-654170
 {{{ complete_ocil_entry_audit_syscall(syscall="delete_module") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
index 8dbb2d738ce..f157e6a87b1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
@@ -59,6 +59,7 @@ references:
 stigid@sle12: SLES-12-020740
 stigid@sle15: SLES-15-030530
 stigid@ubuntu2004: UBTU-20-010179
+ stigid@ubuntu2204: UBTU-22-654175
 {{{ complete_ocil_entry_audit_syscall(syscall="finit_module") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
index 16041016c57..bfa6221798f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
@@ -60,6 +60,7 @@ references:
 stigid@sle12: SLES-12-020740
 stigid@sle15: SLES-15-030530
 stigid@ubuntu2004: UBTU-20-010179
+ stigid@ubuntu2204: UBTU-22-654175
 {{{ complete_ocil_entry_audit_syscall(syscall="init_module") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml
index c2df29c1112..6801152e224 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml
@@ -37,6 +37,7 @@ references:
 srg: SRG-OS-000037-GPOS-00015
 stigid@sle12: SLES-12-020760
 stigid@ubuntu2004: UBTU-20-010170
+ stigid@ubuntu2204: UBTU-22-654210
 ocil_clause: 'there is no output'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
index 1f76c138c17..dcf4b562411 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
@@ -56,6 +56,7 @@ references:
 stigid@sle12: SLES-12-020660
 stigid@sle15: SLES-15-030480
 stigid@ubuntu2004: UBTU-20-010171
+ stigid@ubuntu2204: UBTU-22-654215
 ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_apparmor_parser/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_apparmor_parser/rule.yml
index f770bb66604..bfdba35f20e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_apparmor_parser/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_apparmor_parser/rule.yml
@@ -30,6 +30,7 @@ references:
 disa: CCI-000172
 srg: SRG-OS-000064-GPOS-00033
 stigid@ubuntu2004: UBTU-20-010166
+ stigid@ubuntu2204: UBTU-22-654010
 ocil: |-
 To verify that execution of the command is being audited, run the following command:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
index 97636e95d1c..d891fc1fcfe 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
@@ -63,6 +63,7 @@ references:
 stigid@sle12: SLES-12-020690
 stigid@sle15: SLES-15-030120
 stigid@ubuntu2004: UBTU-20-010175
+ stigid@ubuntu2204: UBTU-22-654020
 {{{ ocil_fix_srg_privileged_command("chage") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml
index b6e9379bf9b..b2ef7a808a3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml
@@ -38,6 +38,7 @@ references:
 stigid@sle12: SLES-12-020280
 stigid@sle15: SLES-15-030340
 stigid@ubuntu2004: UBTU-20-010137
+ stigid@ubuntu2204: UBTU-22-654030
 ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
index e9872e8a3c4..ea03eab50f7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
@@ -63,6 +63,7 @@ references:
 stigid@sle12: SLES-12-020580
 stigid@sle15: SLES-15-030100
 stigid@ubuntu2004: UBTU-20-010163
+ stigid@ubuntu2204: UBTU-22-654035
 {{{ ocil_fix_srg_privileged_command("chsh") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
index 6ea9eeed7f6..bb54d9f50c9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
@@ -62,6 +62,7 @@ references:
 stigid@sle12: SLES-12-020710
 stigid@sle15: SLES-15-030130
 stigid@ubuntu2004: UBTU-20-010177
+ stigid@ubuntu2204: UBTU-22-654040
 {{{ ocil_fix_srg_privileged_command("crontab") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fdisk/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fdisk/rule.yml
index fecc162a827..8c1ba2e267e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fdisk/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fdisk/rule.yml
@@ -21,6 +21,7 @@ references:
 disa: CCI-000172
 srg: SRG-OS-000477-GPOS-00222
 stigid@ubuntu2004: UBTU-20-010298
+ stigid@ubuntu2204: UBTU-22-654045
 ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
index d51a5ba639d..8180bd48a12 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
@@ -64,6 +64,7 @@ references:
 stigid@sle12: SLES-12-020560
 stigid@sle15: SLES-15-030080
 stigid@ubuntu2004: UBTU-20-010174
+ stigid@ubuntu2204: UBTU-22-654050
 {{{ ocil_fix_srg_privileged_command("gpasswd") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
index 4c1d8125a46..0d5422c373d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
@@ -50,6 +50,7 @@ references:
 stigid@sle12: SLES-12-020360
 stigid@sle15: SLES-15-030410
 stigid@ubuntu2004: UBTU-20-010297
+ stigid@ubuntu2204: UBTU-22-654055
 {{{ ocil_fix_srg_privileged_command("kmod") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
index 5767a369757..e8bac1dce04 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
@@ -45,6 +45,7 @@ references:
 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
 stigid@sle15: SLES-15-030400
 stigid@ubuntu2004: UBTU-20-010296
+ stigid@ubuntu2204: UBTU-22-654060
 ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
index 9925cf2f535..e773b8a2ea6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
@@ -53,6 +53,7 @@ references:
 stigid@rhel8: RHEL-08-030300
 stigid@sle12: SLES-12-020290
 stigid@ubuntu2004: UBTU-20-010138
+ stigid@ubuntu2204: UBTU-22-654065
 {{{ ocil_fix_srg_privileged_command("mount") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
index 21fdc14f08f..7da59f72330 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
@@ -64,6 +64,7 @@ references:
 stigid@sle12: SLES-12-020570
 stigid@sle15: SLES-15-030090
 stigid@ubuntu2004: UBTU-20-010164
+ stigid@ubuntu2204: UBTU-22-654070
 {{{ ocil_fix_srg_privileged_command("newgrp") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
index 5f1eeb2de38..b7e78777261 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
@@ -68,6 +68,7 @@ references:
 stigid@sle12: SLES-12-020720
 stigid@sle15: SLES-15-030510
 stigid@ubuntu2004: UBTU-20-010178
+ stigid@ubuntu2204: UBTU-22-654075
 {{% if product not in ["sle12", "sle15"] %}}
 {{{ ocil_fix_srg_privileged_command("pam_timestamp_check", "/usr/sbin/") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
index d7318cbab04..1bbfd35d8e7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
@@ -62,6 +62,7 @@ references:
 stigid@sle12: SLES-12-020550
 stigid@sle15: SLES-15-030070
 stigid@ubuntu2004: UBTU-20-010172
+ stigid@ubuntu2204: UBTU-22-654080
 {{{ ocil_fix_srg_privileged_command("passwd") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
index 4b0ac341497..c2923f16dc1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
@@ -43,6 +43,7 @@ references:
 stigid@sle12: SLES-12-020310
 stigid@sle15: SLES-15-030370
 stigid@ubuntu2004: UBTU-20-010140
+ stigid@ubuntu2204: UBTU-22-654090
 {{{ ocil_fix_srg_privileged_command("ssh-agent") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
index 92d86ba5a51..9352b1582ed 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
@@ -71,6 +71,7 @@ references:
 stigid@sle12: SLES-12-020320
 stigid@sle15: SLES-15-030060
 stigid@ubuntu2004: UBTU-20-010141
+ stigid@ubuntu2204: UBTU-22-654095
 {{{ ocil_fix_srg_privileged_command("ssh-keysign", "/usr/libexec/openssh/") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
index 2cab4c12ac2..de9472122c3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
@@ -63,6 +63,7 @@ references:
 stigid@sle12: SLES-12-020250
 stigid@sle15: SLES-15-030550
 stigid@ubuntu2004: UBTU-20-010136
+ stigid@ubuntu2204: UBTU-22-654100
 {{{ ocil_fix_srg_privileged_command("su") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
index 51db71f981e..035ad30cef6 100644
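Review bot: The OCIL line kept as context in the audit_rules_privileged_commands_ssh_keysign hunk, `{{{ ocil_fix_srg_privileged_command("ssh-keysign", "/usr/libexec/openssh/") }}}`, passes the RHEL location unconditionally, while Ubuntu installs ssh-keysign under /usr/lib/openssh/. With `stigid@ubuntu2204: UBTU-22-654095` attached, the manual check text rendered for Ubuntu 22.04 would presumably name a path that does not exist there, so an assessor following it cannot tell a missing audit rule from a wrong path. I would wrap the call in a `{{% if 'ubuntu' in product %}}` branch that uses `{{{ ocil_fix_srg_privileged_command("ssh-keysign", "/usr/lib/openssh/") }}}` and keep the current call in the else branch. The rest of rule.yml, including the template section that drives the automated check, is outside the hunk, so confirm that it already resolves the Ubuntu path.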
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
@@ -63,6 +63,7 @@ references:
 stigid@sle12: SLES-12-020260
 stigid@sle15: SLES-15-030560
 stigid@ubuntu2004: UBTU-20-010161
+ stigid@ubuntu2204: UBTU-22-654105
 {{{ ocil_fix_srg_privileged_command("sudo") }}}
 template:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
index 4f58c77d546..2887b4eb697 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
@@ -58,6 +58,7 @@ references:
 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
 stigid@sle15: SLES-15-030330
 stigid@ubuntu2004: UBTU-20-010162
+ stigid@ubuntu2204: UBTU-22-654110
 {{{ ocil_fix_srg_privileged_command("sudoedit") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
index bde7ca4d9f5..9ff29558755 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
@@ -61,6 +61,7 @@ references:
 stigid@rhel8: RHEL-08-030301
 stigid@sle12: SLES-12-020300
 stigid@ubuntu2004: UBTU-20-010139
+ stigid@ubuntu2204: UBTU-22-654115
 {{{ ocil_fix_srg_privileged_command("umount") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
index 321018655a3..e71fef3c598 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
@@ -39,6 +39,7 @@ references:
 stigid@ol8: OL08-00-030310
 stigid@rhel8: RHEL-08-030310
 stigid@ubuntu2004: UBTU-20-010173
+ stigid@ubuntu2204: UBTU-22-654120
 {{{ ocil_fix_srg_privileged_command("unix_update") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
index 0ba3ab59df7..03b7b157349 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
@@ -46,6 +46,7 @@ references:
 stigid@sle12: SLES-12-020700
 stigid@sle15: SLES-15-030500
 stigid@ubuntu2004: UBTU-20-010176
+ stigid@ubuntu2204: UBTU-22-654125
 {{{ ocil_fix_srg_privileged_command("usermod") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml
index 1e2484dbef0..111f44d4443 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml
@@ -32,6 +32,7 @@ references:
 srg: SRG-OS-000472-GPOS-00217
 stigid@sle15: SLES-15-030780
 stigid@ubuntu2004: UBTU-20-010279
+ stigid@ubuntu2204: UBTU-22-654195
 ocil_clause: 'Audit rule is not present'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml
index 0fe148dea03..2503f97dfc2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml
@@ -32,6 +32,7 @@ references:
 srg: SRG-OS-000472-GPOS-00217
 stigid@sle15: SLES-15-030760
 stigid@ubuntu2004: UBTU-20-010278
+ stigid@ubuntu2204: UBTU-22-654205
 ocil_clause: 'Audit rule is not present'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml
index a3f228d1abb..bc2becd6129 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml
@@ -32,6 +32,7 @@ references:
 srg: SRG-OS-000472-GPOS-00217
 stigid@sle15: SLES-15-030770
 stigid@ubuntu2004: UBTU-20-010277
+ stigid@ubuntu2204: UBTU-22-654200
 ocil_clause: 'Audit rule is not present'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
index acb8b30bc0b..582738aa792 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
@@ -33,6 +33,7 @@ references:
 srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
 stigid@ol8: OL08-00-030171
 stigid@rhel8: RHEL-08-030171
+ stigid@ubuntu2204: UBTU-22-654220
 ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
index a78cc4d0bf4..b6321618b7e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
@@ -33,6 +33,7 @@ references:
 srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
 stigid@ol8: OL08-00-030172
 stigid@rhel8: RHEL-08-030172
+ stigid@ubuntu2204: UBTU-22-654225
 ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
index 945f1417247..bd8020eb4dc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
@@ -60,6 +60,7 @@ references:
 stigid@sle12: SLES-12-020240
 stigid@sle15: SLES-15-030640
 stigid@ubuntu2004: UBTU-20-010211
+ stigid@ubuntu2204: UBTU-22-654230
 warnings:
 - general: |-
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
index 7df7ae8e324..ad7f8a70b3a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
@@ -61,6 +61,7 @@ references:
 stigid@sle12: SLES-12-020210
 stigid@sle15: SLES-15-030010
 stigid@ubuntu2004: UBTU-20-010101
+ stigid@ubuntu2204: UBTU-22-654130
 ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
index 8b62926773c..57888e9c299 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
@@ -61,6 +61,7 @@ references:
 stigid@sle12: SLES-12-020590
 stigid@sle15: SLES-15-030040
 stigid@ubuntu2004: UBTU-20-010103
+ stigid@ubuntu2204: UBTU-22-654135
 ocil_clause: 'the system is not configured to audit account changes'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
index c7d3a45b20a..e0fab79c5a6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
@@ -62,6 +62,7 @@ references:
 stigid@sle12: SLES-12-020230
 stigid@sle15: SLES-15-030030
 stigid@ubuntu2004: UBTU-20-010104
+ stigid@ubuntu2204: UBTU-22-654140
 ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
index 625da6853a1..6d718064cd8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
@@ -61,6 +61,7 @@ references:
 stigid@sle12: SLES-12-020200
 stigid@sle15: SLES-15-030000
 stigid@ubuntu2004: UBTU-20-010100
+ stigid@ubuntu2204: UBTU-22-654145
 ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
index 678fcc02caa..ac4521ab6b1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
@@ -61,6 +61,7 @@ references:
 stigid@sle12: SLES-12-020220
 stigid@sle15: SLES-15-030020
 stigid@ubuntu2004: UBTU-20-010102
+ stigid@ubuntu2204: UBTU-22-654150
 ocil_clause: 'command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
index 5be73335924..5e1037ecff5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
@@ -51,6 +51,7 @@ references:
 pcidss: Req-10.2.2,Req-10.2.5.b
 srg: SRG-OS-000392-GPOS-00172,SRG-OS-000471-GPOS-00215
 stigid@ubuntu2004: UBTU-20-010244
+ stigid@ubuntu2204: UBTU-22-654235
 ocil_clause: 'Audit rule is not present'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
index 350c9ebc7a2..7f61d3dd68c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
@@ -47,6 +47,7 @@ references:
 stigid@ol8: OL08-00-030120
 stigid@rhel8: RHEL-08-030120
 stigid@ubuntu2004: UBTU-20-010128
+ stigid@ubuntu2204: UBTU-22-653060
 ocil_clause: 'audit logs have a more permissive mode'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
index 869679c2a14..a215acfcd27 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
@@ -42,6 +42,7 @@ references:
 stigid@ol8: OL08-00-030090
 stigid@rhel8: RHEL-08-030090
 stigid@ubuntu2004: UBTU-20-010124
+ stigid@ubuntu2204: UBTU-22-653055
 ocil: |-
 Check group owners of the system audit logs.
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml
index e7ca0307fa5..a8b92a06e0e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml
@@ -27,6 +27,7 @@ references:
 disa: CCI-000171
 srg: SRG-OS-000063-GPOS-00032
 stigid@ubuntu2004: UBTU-20-010135
+ stigid@ubuntu2204: UBTU-22-653075
 ocil: |-
 {{{ describe_file_group_owner(file="/etc/audit/", group="root") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml
index f936821975b..9ffff5cb01a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml
@@ -28,6 +28,7 @@ references:
 disa: CCI-000171
 srg: SRG-OS-000063-GPOS-00032
 stigid@ubuntu2004: UBTU-20-010134
+ stigid@ubuntu2204: UBTU-22-653070
 ocil: |-
 {{{ describe_file_owner(file="/etc/audit/", owner="root") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
index 031af257b21..6f09447bf05 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
@@ -37,6 +37,7 @@ references:
 stigid@ol8: OL08-00-030080
 stigid@rhel8: RHEL-08-030080
 stigid@ubuntu2004: UBTU-20-010123
+ stigid@ubuntu2204: UBTU-22-653050
 ocil_clause: "the audit log is not owned by root"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
index b6097cbf025..b5b6d5790f2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
@@ -53,6 +53,7 @@ references: stigid@rhel7: RHEL-07-910055 stigid@rhel8: RHEL-08-030070 stigid@ubuntu2004: UBTU-20-010122 + stigid@ubuntu2204: UBTU-22-653045 ocil_clause: 'any permissions are more permissive' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml index 8b7c2272b38..ec954eca681 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml @@ -39,6 +39,7 @@ references: stigid@sle12: SLES-12-020090 stigid@sle15: SLES-15-030690 stigid@ubuntu2004: UBTU-20-010216 + stigid@ubuntu2204: UBTU-22-653020 ocil_clause: 'audispd is not sending logs to a remote system' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml index 80a09e844a6..df5978bb2cd 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml @@ -48,6 +48,7 @@ references: stigid@sle12: SLES-12-020020 stigid@sle15: SLES-15-030660 stigid@ubuntu2004: UBTU-20-010215 + stigid@ubuntu2204: UBTU-22-653035 ocil_clause: 'audispd is not sending logs to a remote system and the local partition has inadequate space' 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml index b82711a7e85..9d244f44fb2 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml @@ -48,6 +48,7 @@ references: stigid@sle12: SLES-12-020060 stigid@sle15: SLES-15-030590 stigid@ubuntu2004: UBTU-20-010118 + stigid@ubuntu2204: UBTU-22-653030 ocil_clause: there is no evidence of appropriate action diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml index ea1c7f871d3..02929698b59 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml @@ -50,6 +50,7 @@ references: stigid@sle12: SLES-12-020040 stigid@sle15: SLES-15-030570 stigid@ubuntu2004: UBTU-20-010117 + stigid@ubuntu2204: UBTU-22-653025 ocil_clause: 'the value of the "action_mail_acct" keyword is not set to "{{{ xccdf_value("var_auditd_action_mail_acct") }}}" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the retuned line is commented out, ask the system administrator to indicate how they and the ISSO are notified of an audit process failure. If there is no evidence of the proper personnel being notified of an audit processing failure' 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml index 50554322285..0f768a25dc3 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml @@ -59,6 +59,7 @@ references: stigid@rhel7: RHEL-07-030340 stigid@rhel8: RHEL-08-030731 stigid@ubuntu2004: UBTU-20-010217 + stigid@ubuntu2204: UBTU-22-653040 ocil_clause: 'there is no evidence that real-time alerts are configured on the system' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml index e0c0995e436..9cd9a6b0f8c 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml @@ -39,6 +39,7 @@ references: stigid@rhel7: RHEL-07-030330 stigid@rhel8: RHEL-08-030730 stigid@ubuntu2004: UBTU-20-010217 + stigid@ubuntu2204: UBTU-22-653040 ocil_clause: 'the value of the "space_left" keyword is not set to {{{ xccdf_value("var_auditd_space_left_percentage") }}}% of the storage volume allocated to audit logs, or if the line is commented out, ask the System Administrator to indicate how the system is providing real-time alerts to the SA and ISSO. If the "space_left" value is not configured to the correct value' 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_offload_logs/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_offload_logs/rule.yml index f0566b0d888..62a113b1bea 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_offload_logs/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_offload_logs/rule.yml @@ -19,6 +19,7 @@ references: disa: CCI-001851 srg: SRG-OS-000479-GPOS-00224 stigid@ubuntu2004: UBTU-20-010300 + stigid@ubuntu2204: UBTU-22-651035 warnings: - general: |- diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml index 916ba405fff..c9be28d06a0 100644 --- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml +++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml @@ -46,6 +46,7 @@ references: stigid@ol8: OL08-00-030601 stigid@rhel8: RHEL-08-030601 stigid@ubuntu2004: UBTU-20-010198 + stigid@ubuntu2204: UBTU-22-212015 ocil_clause: 'auditing is not enabled at boot time' diff --git a/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml index 0a8e8663912..0e80ce5f794 100644 --- a/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml +++ b/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml @@ -25,6 +25,7 @@ references: stigid@sle12: SLES-12-020070 stigid@sle15: SLES-15-030670 stigid@ubuntu2004: UBTU-20-010216 + stigid@ubuntu2204: UBTU-22-653020 template: name: package_installed diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml index 1ca0b823376..3933bd78a36 100644 --- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml 
+++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml @@ -34,6 +34,7 @@ references: stigid@sle12: SLES-12-020000 stigid@sle15: SLES-15-030650 stigid@ubuntu2004: UBTU-20-010182 + stigid@ubuntu2204: UBTU-22-653010 ocil_clause: 'the audit package is not installed' diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml index 8b64da094d3..5fca5c1a49f 100644 --- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml +++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml @@ -58,6 +58,8 @@ references: stigid@rhel8: RHEL-08-030181 stigid@sle12: SLES-12-020010 stigid@sle15: SLES-15-030050 + stigid@ubuntu2004: UBTU-20-010182 + stigid@ubuntu2204: UBTU-22-653015 ocil_clause: 'the auditd service is not running' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml index c44db2f4462..c3531c5ba6f 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml @@ -69,6 +69,7 @@ references: stigid@sle12: SLES-12-010430 stigid@sle15: SLES-15-010190 stigid@ubuntu2004: UBTU-20-010009 + stigid@ubuntu2204: UBTU-22-212010 ocil_clause: 'it does not produce any output' diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml index c5ddf9688e3..743ed9cd697 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml @@ -70,6 +70,7 @@ references: stigid@sle12: SLES-12-010440 stigid@sle15: SLES-15-010200 stigid@ubuntu2004: UBTU-20-010009 + stigid@ubuntu2204: UBTU-22-212010 ocil_clause: 'no password is set' 
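Review bot: In service_auditd_enabled/rule.yml the hunk adds `stigid@ubuntu2004: UBTU-20-010182` next to the new 22.04 ID, which the commit description (a draft 22.04 profile) does not mention. The same 20.04 ID is already carried by package_audit_installed/rule.yml in the previous hunk, so this may be deliberate (one 20.04 STIG item presumably covering both install and enable). If so, say that in the commit message; otherwise move the 20.04 line into its own change. Either way it alters the reference metadata generated for the existing 20.04 content, so the 20.04 STIG mapping output should be re-checked after this lands.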
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml index 65bc51dfe91..6eebbdb3811 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml @@ -33,6 +33,7 @@ references: stigid@ol8: OL08-00-010070 stigid@rhel8: RHEL-08-010070 stigid@ubuntu2004: UBTU-20-010403 + stigid@ubuntu2204: UBTU-22-652015 ocil_clause: 'remote access methods are not logging to rsyslog' diff --git a/linux_os/guide/system/logging/ensure_rtc_utc_configuration/rule.yml b/linux_os/guide/system/logging/ensure_rtc_utc_configuration/rule.yml index 31b9377af2f..e54eb0aef64 100644 --- a/linux_os/guide/system/logging/ensure_rtc_utc_configuration/rule.yml +++ b/linux_os/guide/system/logging/ensure_rtc_utc_configuration/rule.yml @@ -27,6 +27,7 @@ references: stigid@sle12: SLES-12-030310 stigid@sle15: SLES-15-010410 stigid@ubuntu2004: UBTU-20-010230 + stigid@ubuntu2204: UBTU-22-252020 ocil_clause: 'the system real-time clock is not configured to use UTC as its time base' diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml index ead08e7cb68..210ee27da52 100644 --- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml +++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml @@ -37,6 +37,7 @@ references: stigid@ol8: OL08-00-010561 stigid@rhel8: RHEL-08-010561 stigid@ubuntu2004: UBTU-20-010432 + stigid@ubuntu2204: UBTU-22-652010 ocil_clause: '{{{ ocil_clause_service_enabled(service="rsyslog") }}}' 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml index fa092923274..332f9becc45 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml @@ -43,6 +43,7 @@ references: stigid@sle12: SLES-12-030350 stigid@sle15: SLES-15-010310 stigid@ubuntu2004: UBTU-20-010412 + stigid@ubuntu2204: UBTU-22-253010 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.tcp_syncookies", value="1") }}} diff --git a/linux_os/guide/system/network/network-ufw/package_ufw_installed/rule.yml b/linux_os/guide/system/network/network-ufw/package_ufw_installed/rule.yml index c325bde0e7e..9a0cfbb2541 100644 --- a/linux_os/guide/system/network/network-ufw/package_ufw_installed/rule.yml +++ b/linux_os/guide/system/network/network-ufw/package_ufw_installed/rule.yml @@ -19,6 +19,7 @@ references: disa: CCI-002314 srg: SRG-OS-000297-GPOS-00115 stigid@ubuntu2004: UBTU-20-010433 + stigid@ubuntu2204: UBTU-22-251010 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/network/network-ufw/service_ufw_enabled/rule.yml b/linux_os/guide/system/network/network-ufw/service_ufw_enabled/rule.yml index 8de6a5f784d..c9ef0599dbd 100644 --- a/linux_os/guide/system/network/network-ufw/service_ufw_enabled/rule.yml +++ b/linux_os/guide/system/network/network-ufw/service_ufw_enabled/rule.yml @@ -16,6 +16,7 @@ references: disa: CCI-002314 srg: SRG-OS-000297-GPOS-00115 stigid@ubuntu2004: UBTU-20-010434 + stigid@ubuntu2204: UBTU-22-251015 ocil_clause: 'the service is not enabled' 
diff --git a/linux_os/guide/system/network/network-ufw/ufw_only_required_services/rule.yml b/linux_os/guide/system/network/network-ufw/ufw_only_required_services/rule.yml index 56c44604560..4bf24d4d4d4 100644 --- a/linux_os/guide/system/network/network-ufw/ufw_only_required_services/rule.yml +++ b/linux_os/guide/system/network/network-ufw/ufw_only_required_services/rule.yml @@ -46,6 +46,7 @@ references: disa: CCI-000382 srg: SRG-OS-000096-GPOS-00050 stigid@ubuntu2004: UBTU-20-010407 + stigid@ubuntu2204: UBTU-22-251030 ocil_clause: 'unauthorized network services can be accessed from the network' diff --git a/linux_os/guide/system/network/network-ufw/ufw_rate_limit/rule.yml b/linux_os/guide/system/network/network-ufw/ufw_rate_limit/rule.yml index f0cdbe649f2..622faac9c40 100644 --- a/linux_os/guide/system/network/network-ufw/ufw_rate_limit/rule.yml +++ b/linux_os/guide/system/network/network-ufw/ufw_rate_limit/rule.yml @@ -23,6 +23,7 @@ references: disa: CCI-002385 srg: SRG-OS-000420-GPOS-00186 stigid@ubuntu2004: UBTU-20-010446 + stigid@ubuntu2204: UBTU-22-251025 ocil_clause: 'network interface not rate-limit' diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml index 32675c9769e..7a55c61fa57 100644 --- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml @@ -63,6 +63,7 @@ references: stigid@sle12: SLES-12-030450 stigid@sle15: SLES-15-010380 stigid@ubuntu2004: UBTU-20-010455 + stigid@ubuntu2204: UBTU-22-291015 ocil_clause: 'a wireless interface is configured and has not been documented and approved by the Information System Security Officer (ISSO)' 
diff --git a/linux_os/guide/system/network/network_ssl/only_allow_dod_certs/rule.yml b/linux_os/guide/system/network/network_ssl/only_allow_dod_certs/rule.yml index ad1fe535d51..6989742e194 100644 --- a/linux_os/guide/system/network/network_ssl/only_allow_dod_certs/rule.yml +++ b/linux_os/guide/system/network/network_ssl/only_allow_dod_certs/rule.yml @@ -25,3 +25,4 @@ references: disa: CCI-002470 srg: SRG-OS-000403-GPOS-00182 stigid@ubuntu2004: UBTU-20-010443 + stigid@ubuntu2204: UBTU-22-631010 diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml index 03d331b1437..2de82bc0d74 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml @@ -54,6 +54,7 @@ references: stigid@sle12: SLES-12-010460 stigid@sle15: SLES-15-010300 stigid@ubuntu2004: UBTU-20-010411 + stigid@ubuntu2204: UBTU-22-232145 ocil_clause: 'any world-writable directories are missing the sticky bit' diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml index 962ab360e44..3685506dee9 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml @@ -29,6 +29,7 @@ references: stigid@ol8: OL08-00-030610 stigid@rhel8: RHEL-08-030610 stigid@ubuntu2004: UBTU-20-010133 + stigid@ubuntu2204: UBTU-22-653065 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/audit/auditd.conf", perms="-rw-r-----") }}}' 
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml index 4947980be18..ebc6f74a440 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml @@ -29,6 +29,7 @@ references: stigid@ol8: OL08-00-030610 stigid@rhel8: RHEL-08-030610 stigid@ubuntu2004: UBTU-20-010133 + stigid@ubuntu2204: UBTU-22-653065 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/audit/rules.d/*.rules", perms="-rw-r-----") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml index ad4a197cfec..0f5d79dd2fa 100644 --- a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml @@ -40,6 +40,7 @@ references: srg: SRG-OS-000205-GPOS-00083 stigid@sle15: SLES-15-010340 stigid@ubuntu2004: UBTU-20-010416 + stigid@ubuntu2204: UBTU-22-232026 ocil_clause: 'not all log files have permission 640 or stricter' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml index aff9b4912e2..8b5becc7895 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml @@ -29,6 +29,7 @@ references: stigid@ol8: OL08-00-010260 stigid@rhel8: RHEL-08-010260 stigid@ubuntu2004: UBTU-20-010417 + stigid@ubuntu2204: UBTU-22-232125 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log", group=gid) }}}' 
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_syslog/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_syslog/rule.yml index da7f4b84f36..6b323f5b81e 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_syslog/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_syslog/rule.yml @@ -14,6 +14,7 @@ references: disa: CCI-001314 srg: SRG-OS-000206-GPOS-00084 stigid@ubuntu2004: UBTU-20-010420 + stigid@ubuntu2204: UBTU-22-232135 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log/syslog", group="adm") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml index f81fce93ec7..57b86f1faae 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml @@ -22,6 +22,7 @@ references: stigid@ol8: OL08-00-010250 stigid@rhel8: RHEL-08-010250 stigid@ubuntu2004: UBTU-20-010418 + stigid@ubuntu2204: UBTU-22-232120 ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_syslog/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_syslog/rule.yml index f1bf515455d..40cfa5dfd93 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_syslog/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_syslog/rule.yml 
@@ -14,6 +14,7 @@ references: disa: CCI-001314 srg: SRG-OS-000206-GPOS-00084 stigid@ubuntu2004: UBTU-20-010421 + stigid@ubuntu2204: UBTU-22-232130 ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log/syslog", owner="syslog") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml index d410e306421..91c096e7c15 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml @@ -23,6 +23,7 @@ references: stigid@ol8: OL08-00-010240 stigid@rhel8: RHEL-08-010240 stigid@ubuntu2004: UBTU-20-010419 + stigid@ubuntu2204: UBTU-22-232025 ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log", perms="drwxr-xr-x") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_syslog/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_syslog/rule.yml index 73258d40fdc..2b99be14e7b 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_syslog/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_syslog/rule.yml @@ -15,6 +15,7 @@ references: disa: CCI-001314 srg: SRG-OS-000206-GPOS-00084 stigid@ubuntu2004: UBTU-20-010422 + stigid@ubuntu2204: UBTU-22-232030 ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log/syslog", perms="-rw-r-----") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml index 024cba28940..0d125b8f1bf 100644 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml @@ -42,6 +42,7 @@ references: stigid@sle12: SLES-12-010876 stigid@sle15: SLES-15-010356 stigid@ubuntu2004: UBTU-20-010431 + stigid@ubuntu2204: UBTU-22-232065 ocil_clause: any system-wide shared library directory is returned and is not group-owned by a required system account diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_groupownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_groupownership_binary_dirs/rule.yml index 1e1520bd8a6..7aac42c5fd1 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_groupownership_binary_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_groupownership_binary_dirs/rule.yml @@ -35,6 +35,7 @@ references: disa: CCI-001495 srg: SRG-OS-000258-GPOS-00099 stigid@ubuntu2004: UBTU-20-010425 + stigid@ubuntu2204: UBTU-22-232045 ocil_clause: 'any of these directories are not owned by root group' diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_binary_dirs/rule.yml index ba923d8ac55..d37c3d907aa 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_binary_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_binary_dirs/rule.yml @@ -26,6 +26,7 @@ references: disa: CCI-001495 srg: SRG-OS-000258-GPOS-00099 stigid@ubuntu2004: UBTU-20-010424 + stigid@ubuntu2204: UBTU-22-232040 ocil_clause: 'any system executables directories are found to not be owned by root' 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml index c5d67497f83..ce747207d1e 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml @@ -41,6 +41,7 @@ references: stigid@sle12: SLES-12-010874 stigid@sle15: SLES-15-010354 stigid@ubuntu2004: UBTU-20-010429 + stigid@ubuntu2204: UBTU-22-232060 ocil_clause: any system-wide shared library directory is not owned by root diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_binary_dirs/rule.yml index a666c768870..0f09807b622 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_binary_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_binary_dirs/rule.yml @@ -27,6 +27,7 @@ references: disa: CCI-001495 srg: SRG-OS-000258-GPOS-00099 stigid@ubuntu2004: UBTU-20-010423 + stigid@ubuntu2204: UBTU-22-232010 ocil_clause: 'any of these files are group-writable or world-writable' diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml index 6e004599d21..be0eb09e1f4 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml 
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml @@ -49,6 +49,7 @@ references: stigid@sle12: SLES-12-010882 stigid@sle15: SLES-15-010361 stigid@ubuntu2004: UBTU-20-010458 + stigid@ubuntu2204: UBTU-22-232055 ocil_clause: 'any system commands are returned and is not group-owned by a required system account' diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml index 8e77f23d789..146a654ec7c 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml @@ -45,6 +45,7 @@ references: disa: CCI-001493,CCI-001494 srg: SRG-OS-000256-GPiOS-00097,SRG-OS-000257-GPOS-00098 stigid@ubuntu2004: UBTU-20-010200 + stigid@ubuntu2204: UBTU-22-232110 ocil: |- Verify it by running the following command: diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml index 5854f5308ff..a8a1bab78c2 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml @@ -47,6 +47,7 @@ references: stigid@sle12: SLES-12-010879 stigid@sle15: SLES-15-010359 stigid@ubuntu2004: UBTU-20-010457 + stigid@ubuntu2204: UBTU-22-232050 ocil_clause: 'any system commands are found to not be owned by root' 
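Review bot: In file_ownership_audit_binaries/rule.yml the context line directly above the new stigid reads `srg: SRG-OS-000256-GPiOS-00097,SRG-OS-000257-GPOS-00098`, and `GPiOS` looks like a typo for `GPOS`. The sibling file_permissions_audit_binaries/rule.yml has `SRG-OS-000256-GPOS-00097` for the same control. A malformed SRG ID will not match in anything that cross-references SRG to rule, and this rule is now being mapped into a second STIG, so I would correct it here to `srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098`. The line is unchanged context in this hunk, so the fix needs its own removed/added pair.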
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml index bc1f3caff06..104fe66a58c 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml @@ -48,6 +48,7 @@ references: stigid@sle12: SLES-12-010873 stigid@sle15: SLES-15-010353 stigid@ubuntu2004: UBTU-20-010428 + stigid@ubuntu2204: UBTU-22-232070 ocil_clause: 'any system wide shared library file is not owned by root' diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml index 589bd018df4..475ce7837b4 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml @@ -45,6 +45,7 @@ references: disa: CCI-001493,CCI-001494 srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098 stigid@ubuntu2004: UBTU-20-010199 + stigid@ubuntu2204: UBTU-22-232035 ocil: |- Verify it by running the following command: diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml index aed33a4940c..5744f5ad147 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml 
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml @@ -47,6 +47,7 @@ references: stigid@sle12: SLES-12-010878 stigid@sle15: SLES-15-010358 stigid@ubuntu2004: UBTU-20-010456 + stigid@ubuntu2204: UBTU-22-232015 ocil_clause: any system commands are found to be group-writable or world-writable diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml index f497a602af1..b74b40f9f78 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml @@ -48,6 +48,7 @@ references: stigid@sle12: SLES-12-010871 stigid@sle15: SLES-15-010351 stigid@ubuntu2004: UBTU-20-010426 + stigid@ubuntu2204: UBTU-22-232020 ocil_clause: any system-wide shared library file is found to be group-writable or world-writable diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml index 1a618dbd5e8..27ef1c2422f 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml @@ -46,6 +46,7 @@ references: stigid@sle12: SLES-12-010875 stigid@sle15: SLES-15-010355 stigid@ubuntu2004: UBTU-20-010430 + stigid@ubuntu2204: UBTU-22-232075 ocil_clause: any system wide shared library file is returned and is not group-owned by a required system account 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml index be55b136b64..7e00f95e540 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml @@ -48,6 +48,7 @@ references: stigid@sle12: SLES-12-010580 stigid@sle15: SLES-15-010480 stigid@ubuntu2004: UBTU-20-010461 + stigid@ubuntu2204: UBTU-22-291010 {{{ complete_ocil_entry_module_disable(module="usb-storage") }}} diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml index 0c11fb5073e..8b7cf77746a 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml @@ -41,6 +41,7 @@ references: stigid@sle12: SLES-12-030330 stigid@sle15: SLES-15-010550 stigid@ubuntu2004: UBTU-20-010448 + stigid@ubuntu2204: UBTU-22-213020 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.randomize_va_space", value="2") }}} diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml index 74f85aafdfa..289d09acb24 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml 
@@ -39,6 +39,7 @@ references:
 stigid@ol8: OL08-00-010420
 stigid@rhel8: RHEL-08-010420
 stigid@ubuntu2004: UBTU-20-010447
+ stigid@ubuntu2204: UBTU-22-213025
 # In aarch64 cpus the bit is XN and it is not disableable
 platform: machine and not aarch64_arch
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
index bbdc36a61f1..e8a1368cb3d 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
@@ -32,6 +32,7 @@ references:
 stigid@sle12: SLES-12-010375
 stigid@sle15: SLES-15-010375
 stigid@ubuntu2004: UBTU-20-010401
+ stigid@ubuntu2204: UBTU-22-213010
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.dmesg_restrict", value="1") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
index 340b76d1a6a..59f41e629d0 100644
--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
@@ -79,6 +79,7 @@ references:
 stigid@sle12: SLES-12-010450
 stigid@sle15: SLES-15-010330
 stigid@ubuntu2004: UBTU-20-010414
+ stigid@ubuntu2204: UBTU-22-231010
 ocil_clause: 'partitions do not have a type of crypto_LUKS'
diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/bash/shared.sh b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/bash/shared.sh
index 06ba69b527b..13120806d00 100644
--- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/bash/shared.sh
+++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/bash/shared.sh
@@ -1,3 +1,3 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_ubuntu echo -e 'user-db:user\nsystem-db:gdm' > /etc/dconf/profile/gdm diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/oval/shared.xml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/oval/shared.xml index b2d6f9e607b..efaab2a33ab 100644 --- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/oval/shared.xml +++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/oval/shared.xml @@ -13,7 +13,7 @@ - {{% if product in ['sle12', 'sle15'] %}} + {{% if product in ['sle12', 'sle15', 'ubuntu2004', 'ubuntu2204'] %}} /etc/dconf/profile/gdm ^user-db:user\nsystem-db:gdm$ {{% else %}} diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml index 9e68afa0961..37c5a650df1 100644 --- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml +++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml @@ -9,7 +9,7 @@ description: |- highest priority. As such the DConf User profile should always exist and be configured correctly.

- {{% if product in ["sle12", "sle15"] %}} + {{% if product in ["sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} To make sure that the user profile is configured correctly, the /etc/dconf/profile/gdm should be set as follows:
user-db:user
@@ -44,13 +44,14 @@ references:
     cis@ubuntu2204: '1.10'
     stigid@sle12: SLES-12-010611
     stigid@sle15: SLES-15-040061
+    stigid@ubuntu2204: UBTU-22-271010
 
 ocil_clause: 'DConf User profile does not exist or is not configured correctly'
 
 ocil: |-
     To verify that the DConf User profile is configured correctly, run the following
     command:
-    {{% if product in ["sle12", "sle15"] %}}
+    {{% if product in ["sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
     
$ cat /etc/dconf/profile/gdm
The output should show the following:
user-db:user
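Review bot: The widened condition `product in ["sle12", "sle15", "ubuntu2004", "ubuntu2204"]` in this `ocil` block, and the same change in the `description` hunk above it, also alters the rendered Ubuntu 20.04 content, while only a `stigid@ubuntu2204` reference is added and the commit is described as a 22.04 profile draft. The companion changes in `oval/shared.xml` and `bash/shared.sh` (now `multi_platform_sle,multi_platform_ubuntu`) widen the check and the remediation in the same way, and that remediation overwrites `/etc/dconf/profile/gdm` with exactly two lines. If 20.04 is not meant to change here, limit the condition to `{{% if product in ["sle12", "sle15", "ubuntu2204"] %}}`; if it is, I would state that in the commit message and confirm on an Ubuntu GDM host that no additional `system-db` entries are expected in that file. The `ocil` block appears to continue past the end of this hunk.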
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
index 4eabf4c0e5f..2b869894fee 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
@@ -51,6 +51,7 @@ references:
     stigid@rhel8: RHEL-08-020060
     stigid@sle12: SLES-12-010080
     stigid@sle15: SLES-15-010120
+    stigid@ubuntu2204: UBTU-22-271025
 
 ocil_clause: 'idle-delay is set to 0 or a value greater than {{{ xccdf_value("inactivity_timeout_value") }}}'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
index 7f941c056cb..5c05b158d78 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
@@ -41,6 +41,7 @@ references:
     stigid@ol8: OL08-00-020031
     stigid@rhel7: RHEL-07-010110
     stigid@rhel8: RHEL-08-020031
+    stigid@ubuntu2204: UBTU-22-271025
 
 ocil_clause: 'the screensaver lock delay is missing, or is set to a value greater than {{{ xccdf_value("var_screensaver_lock_delay") }}}'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
index b2adc554077..73d78790943 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
@@ -60,6 +60,7 @@ references:
     stigid@sle12: SLES-12-010060
     stigid@sle15: SLES-15-010100
     stigid@ubuntu2004: UBTU-20-010004
+    stigid@ubuntu2204: UBTU-22-271020
 
 
 ocil_clause: 'screensaver locking is not enabled and/or has not been set or configured correctly'
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
index 63893c3212a..d1efec9136b 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
@@ -48,6 +48,7 @@ references:
     stigid@rhel7: RHEL-07-020231
     stigid@rhel8: RHEL-08-040171
     stigid@ubuntu2004: UBTU-20-010459
+    stigid@ubuntu2204: UBTU-22-271030
 
 ocil_clause: 'GNOME3 is configured to reboot when Ctrl-Alt-Del is pressed'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
index 6ab37c58ea7..003163e10ec 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
@@ -40,6 +40,7 @@ references:
     stigid@sle12: SLES-12-010599
     stigid@sle15: SLES-15-010001
     stigid@ubuntu2004: UBTU-20-010415
+    stigid@ubuntu2204: UBTU-22-211010
 
 ocil_clause: 'the package is not installed'
 
diff --git a/linux_os/guide/system/software/integrity/fips/is_fips_mode_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/is_fips_mode_enabled/rule.yml
index 123e224fc93..60ab0085d55 100644
--- a/linux_os/guide/system/software/integrity/fips/is_fips_mode_enabled/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/is_fips_mode_enabled/rule.yml
@@ -27,6 +27,7 @@ references:
     stigid@sle12: SLES-12-010420
     stigid@sle15: SLES-15-010510
     stigid@ubuntu2004: UBTU-20-010442
+    stigid@ubuntu2204: UBTU-22-671010
 
 ocil_clause: the command 'cat /proc/sys/crypto/fips_enabled' returns nothing or '0' or the file does not exist
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
index 30854edba95..6ab661bf51c 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
@@ -64,6 +64,7 @@ references:
     stigid@sle12: SLES-12-010499
     stigid@sle15: SLES-15-010419
     stigid@ubuntu2004: UBTU-20-010450
+    stigid@ubuntu2204: UBTU-22-651015
 
 ocil_clause: 'there is no database file'
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
index a3d7469d5c0..c0f614ec176 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
@@ -45,6 +45,7 @@ references:
     stigid@sle12: SLES-12-010540
     stigid@sle15: SLES-15-030630
     stigid@ubuntu2004: UBTU-20-010205
+    stigid@ubuntu2204: UBTU-22-651030
 
 ocil_clause: 'integrity checks of the audit tools are missing or incomplete'
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_disable_silentreports/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_disable_silentreports/rule.yml
index d14ca3a3eb3..fd1e3a4d616 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_disable_silentreports/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_disable_silentreports/rule.yml
@@ -16,6 +16,7 @@ references:
     disa: "CCI-001744,CCI-002702"
     srg: "SRG-OS-000447-GPOS-00201,SRG-OS-000363-GPOS-00150"
     stigid@ubuntu2004: UBTU-20-010437
+    stigid@ubuntu2204: UBTU-22-651020
 
 ocil_clause: 'silentreports is enabled in aide default configuration, or is missing'
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
index 747662e4cc3..f717ac5d98b 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
@@ -63,6 +63,7 @@ references:
     stigid@sle12: SLES-12-010500
     stigid@sle15: SLES-15-010420
     stigid@ubuntu2004: UBTU-20-010074
+    stigid@ubuntu2204: UBTU-22-651025
 
 ocil_clause: 'AIDE is not configured to scan periodically'
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
index c3ccdb412e9..00609b4df78 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
@@ -41,6 +41,7 @@ references:
     stigid@sle12: SLES-12-010499
     stigid@sle15: SLES-15-010419
     stigid@ubuntu2004: UBTU-20-010450
+    stigid@ubuntu2204: UBTU-22-651010
 
 ocil_clause: 'the package is not installed'
 
diff --git a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
index 009e15eab1f..d979bdb8ade 100644
--- a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
@@ -38,6 +38,7 @@ references:
     srg: SRG-OS-000373-GPOS-00156
     stigid@sle15: SLES-15-010450
     stigid@ubuntu2004: UBTU-20-010014
+    stigid@ubuntu2204: UBTU-22-432010
 
 ocil_clause: 'nopasswd and/or !authenticate is enabled in sudo'
 
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
index fc688e45de4..2514c5d7fa5 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
@@ -50,6 +50,7 @@ references:
     stigid@sle12: SLES-12-010570
     stigid@sle15: SLES-15-010560
     stigid@ubuntu2004: UBTU-20-010449
+    stigid@ubuntu2204: UBTU-22-214015
 
 ocil_clause: |-
     {{%- if 'sle' in product %}}
diff --git a/products/ubuntu2204/profiles/stig.profile b/products/ubuntu2204/profiles/stig.profile
new file mode 100644
index 00000000000..885d60f240a
--- /dev/null
+++ b/products/ubuntu2204/profiles/stig.profile
@@ -0,0 +1,671 @@
+documentation_complete: true
+
+title: 'DRAFT Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide (STIG) DRAFT'
+
+description: |-
+    This Security Technical Implementation Guide is published as a tool to
+    improve the security of Department of Defense (DoD) information systems.
+    The requirements are derived from the National Institute of Standards and
+    Technology (NIST) 800-53 and related documents.
+
+selections:
+
+    ### TODO
+    # UBTU-22-271010 The Ubuntu operating system must enable the graphical user logon banner to display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon.
+    - enable_dconf_user_profile
+    - dconf_gnome_banner_enabled
+
+    ### TODO
+    # UBTU-22-271015 The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon.
+    - login_banner_text=dod_banners
+    - dconf_gnome_login_banner_text
+
+    # UBTU-22-271020 The Ubuntu operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
+    - dconf_gnome_screensaver_lock_enabled
+
+    # UBTU-22-412025 The Ubuntu operating system must allow users to directly initiate a session lock for all connection types.
+    - vlock_installed
+
+    # UBTU-22-612040 The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.
+    - verify_use_mappers
+
+    # UBTU-22-411025 The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
+    - var_accounts_minimum_age_login_defs=1
+    - accounts_minimum_age_login_defs
+
+    # UBTU-22-411030 The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
+    - var_accounts_maximum_age_login_defs=60
+    - accounts_maximum_age_login_defs
+
+    # UBTU-22-212010 Ubuntu operating systems when booted must require authentication upon booting into single-user and maintenance modes.
+    - grub2_uefi_password
+    - grub2_password
+
+    # UBTU-22-411015 The Ubuntu operating system must uniquely identify interactive users.
+    - no_duplicate_uids
+
+    # UBTU-22-432015 The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group.
+    - ensure_sudo_group_restricted
+
+    ### TODO
+    # UBTU-22-412030 The Ubuntu operating system must automatically terminate a user session after inactivity timeouts have expired.
+    - var_accounts_tmout=10_min
+    - accounts_tmout
+
+    # UBTU-22-432010 The Ubuntu operating system must require users to reauthenticate for privilege escalation or when changing roles.
+    - sudo_require_authentication
+
+    # UBTU-22-412035 The Ubuntu operating system default filesystem permissions must be defined in such a way that all authenticated users can read and modify only their own files.
+    - var_accounts_user_umask=077
+    - accounts_umask_etc_login_defs
+
+    # UBTU-22-612010 The Ubuntu operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.
+    - install_smartcard_packages
+
+    # UBTU-22-612020 The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and non-privileged accounts.
+    - sshd_enable_pubkey_auth
+    - smartcard_pam_enabled
+
+    # UBTU-22-255065 The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.
+    - sshd_enable_pam
+
+    # UBTU-22-255030 The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic after a period of inactivity.
+    - var_sshd_set_keepalive=1
+    - sshd_set_keepalive
+
+    # UBTU-22-255035 The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.
+    - sshd_idle_timeout_value=10_minutes
+    - sshd_set_idle_timeout
+
+    # UBTU-22-255010 The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information.
+    - package_openssh-server_installed
+
+    # UBTU-22-255015 The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information.
+    - service_sshd_enabled
+
+    # UBTU-22-255020 The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting any local or remote connection to the system.
+    - banner_etc_issue_net
+    - sshd_enable_warning_banner_net
+
+    ### TODO
+    # UBTU-22-255055 The Ubuntu operating system must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
+    - sshd_use_approved_macs_ordered_stig
+
+    ### TODO
+    # UBTU-22-255050 The Ubuntu operating system must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
+    - sshd_use_approved_ciphers_ordered_stig
+
+    # UBTU-22-255060 The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.
+    - sshd_use_approved_kex_ordered_stig
+
+    # UBTU-22-255025 The Ubuntu operating system must not allow unattended or automatic login via SSH.
+    - sshd_disable_empty_passwords
+    - sshd_do_not_permit_user_env
+
+    # UBTU-22-255040 The Ubuntu operating system must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements.
+    - sshd_disable_x11_forwarding
+
+    # UBTU-22-255045 The Ubuntu operating system SSH daemon must prevent remote hosts from connecting to the proxy display.
+    - sshd_x11_use_localhost
+
+    # UBTU-22-611010 The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.
+    - var_password_pam_ucredit=1
+    - accounts_password_pam_ucredit
+
+    # UBTU-22-611015 The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.
+    - var_password_pam_lcredit=1
+    - accounts_password_pam_lcredit
+
+    # UBTU-22-611020 The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.
+    - var_password_pam_dcredit=1
+    - accounts_password_pam_dcredit
+
+    # UBTU-22-611040 The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.
+    - var_password_pam_difok=8
+    - accounts_password_pam_difok
+
+    # UBTU-22-611035 The Ubuntu operating system must enforce a minimum 15-character password length.
+    - var_password_pam_minlen=15
+    - accounts_password_pam_minlen
+
+    # UBTU-22-611025 The Ubuntu operating system must enforce password complexity by requiring that at least one special character be used.
+    - var_password_pam_ocredit=1
+    - accounts_password_pam_ocredit
+
+    # UBTU-22-611030 The Ubuntu operating system must prevent the use of dictionary words for passwords.
+    - var_password_pam_dictcheck=1
+    - accounts_password_pam_dictcheck
+
+    # UBTU-22-215010 The Ubuntu operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.
+    - package_pam_pwquality_installed
+
+    # UBTU-22-611045 The Ubuntu operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.
+    - var_password_pam_retry=3
+    - accounts_password_pam_enforcing
+    - accounts_password_pam_retry
+
+    # UBTU-22-612030 The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
+    - smartcard_configure_ca
+
+
+    # UBTU-22-612015 The Ubuntu operating system must accept Personal Identity Verification (PIV) credentials.
+    - package_opensc_installed
+
+    ### TODO
+    # UBTU-22-612025 The Ubuntu operating system must electronically verify Personal Identity Verification (PIV) credentials.
+    - smartcard_configure_cert_checking
+
+    ### TODO
+    # UBTU-22-612035 The Ubuntu operating system for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.
+    - smartcard_configure_crl
+
+    # UBTU-22-611050 The Ubuntu operating system must prohibit password reuse for a minimum of five generations.
+    - var_password_pam_unix_remember=5
+    - accounts_password_pam_unix_remember
+
+    # UBTU-22-411045 The Ubuntu operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made.
+    - var_accounts_passwords_pam_faillock_deny=3
+    - var_accounts_passwords_pam_faillock_fail_interval=900
+    - var_accounts_passwords_pam_faillock_unlock_time=never
+    - accounts_passwords_pam_faillock_audit
+    - accounts_passwords_pam_faillock_silent
+    - accounts_passwords_pam_faillock_deny
+    - accounts_passwords_pam_faillock_interval
+    - accounts_passwords_pam_faillock_unlock_time
+
+    ### TODO
+    # UBTU-22-651025 The Ubuntu operating system must be configured so that the script which runs each 30 days or less to check file integrity is the default one.
+    - aide_periodic_cron_checking
+
+    # UBTU-22-412010 The Ubuntu operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
+    - var_password_pam_delay=4000000
+    - accounts_passwords_pam_faildelay_delay
+
+    # UBTU-22-654145 The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
+    - audit_rules_usergroup_modification_passwd
+
+    # UBTU-22-654130 The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
+    - audit_rules_usergroup_modification_group
+
+    # UBTU-22-654150 The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
+    - audit_rules_usergroup_modification_shadow
+
+    # UBTU-22-654135 The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
+    - audit_rules_usergroup_modification_gshadow
+
+    # UBTU-22-654140 The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
+    - audit_rules_usergroup_modification_opasswd
+
+    ### TODO
+    # UBTU-22-653025 The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
+    - var_auditd_action_mail_acct=root
+    - auditd_data_retention_action_mail_acct
+
+    ### TODO
+    # UBTU-22-653030 The Ubuntu operating system must shut down by default upon audit failure (unless availability is an overriding concern).
+    - var_auditd_disk_full_action=halt
+    - auditd_data_disk_full_action
+
+    # UBTU-22-653045 The Ubuntu operating system must be configured so that audit log files are not read or write-accessible by unauthorized users.
+    - file_permissions_var_log_audit
+
+    # UBTU-22-653050 The Ubuntu operating system must be configured to permit only authorized users ownership of the audit log files.
+    - file_ownership_var_log_audit_stig
+
+    ### TODO (double check, focal uses _stig)
+    # UBTU-22-653055 The Ubuntu operating system must permit only authorized groups ownership of the audit log files.
+    - file_group_ownership_var_log_audit
+
+    # UBTU-22-653060 The Ubuntu operating system must be configured so that the audit log directory is not write-accessible by unauthorized users.
+    - directory_permissions_var_log_audit
+
+    # UBTU-22-653065 The Ubuntu operating system must be configured so that audit configuration files are not write-accessible by unauthorized users.
+    - file_permissions_etc_audit_rulesd
+    - file_permissions_etc_audit_auditd
+
+    # UBTU-22-653070 The Ubuntu operating system must permit only authorized accounts to own the audit configuration files.
+    - file_ownership_audit_configuration
+
+    # UBTU-22-653075 The Ubuntu operating system must permit only authorized groups to own the audit configuration files.
+    - file_groupownership_audit_configuration
+
+    # UBTU-22-654100 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.
+    - audit_rules_privileged_commands_su
+
+    # UBTU-22-654030 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.
+    - audit_rules_privileged_commands_chfn
+
+    # UBTU-22-654065 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.
+    - audit_rules_privileged_commands_mount
+
+    # UBTU-22-654115 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.
+    - audit_rules_privileged_commands_umount
+
+    # UBTU-22-654090 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.
+    - audit_rules_privileged_commands_ssh_agent
+
+    # UBTU-22-654095 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
+    - audit_rules_privileged_commands_ssh_keysign
+
+    # UBTU-22-654180 The Ubuntu operating system must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls
+    - audit_rules_dac_modification_setxattr
+    - audit_rules_dac_modification_lsetxattr
+    - audit_rules_dac_modification_fsetxattr
+    - audit_rules_dac_modification_removexattr
+    - audit_rules_dac_modification_lremovexattr
+    - audit_rules_dac_modification_fremovexattr
+
+    # UBTU-22-654160 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
+    - audit_rules_dac_modification_chown
+    - audit_rules_dac_modification_fchown
+    - audit_rules_dac_modification_fchownat
+    - audit_rules_dac_modification_lchown
+
+    # UBTU-22-654155 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
+    - audit_rules_dac_modification_chmod
+    - audit_rules_dac_modification_fchmod
+    - audit_rules_dac_modification_fchmodat
+
+    # UBTU-22-654165 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
+    - audit_rules_unsuccessful_file_modification_open
+    - audit_rules_unsuccessful_file_modification_truncate
+    - audit_rules_unsuccessful_file_modification_ftruncate
+    - audit_rules_unsuccessful_file_modification_creat
+    - audit_rules_unsuccessful_file_modification_openat
+    - audit_rules_unsuccessful_file_modification_open_by_handle_at
+
+    # UBTU-22-654105 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.
+    - audit_rules_privileged_commands_sudo
+
+    # UBTU-22-654110 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.
+    - audit_rules_privileged_commands_sudoedit
+
+    # UBTU-22-654035 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.
+    - audit_rules_privileged_commands_chsh
+
+    # UBTU-22-654070 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.
+    - audit_rules_privileged_commands_newgrp
+
+    # UBTU-22-654025 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.
+    - audit_rules_execution_chcon
+
+    # UBTU-22-654010 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
+    - audit_rules_privileged_commands_apparmor_parser
+
+    # UBTU-22-654085 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.
+    - audit_rules_execution_setfacl
+
+    # UBTU-22-654015 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.
+    - audit_rules_execution_chacl
+
+    # UBTU-22-654210 The Ubuntu operating system must generate audit records for the use and modification of faillog file.
+    - audit_rules_login_events_faillog
+
+    # UBTU-22-654215 The Ubuntu operating system must generate audit records for the use and modification of the lastlog file.
+    - audit_rules_login_events_lastlog
+
+    # UBTU-22-654080 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the passwd command.
+    - audit_rules_privileged_commands_passwd
+
+    # UBTU-22-654120 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.
+    - audit_rules_privileged_commands_unix_update
+
+    # UBTU-22-654050 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.
+    - audit_rules_privileged_commands_gpasswd
+
+    # UBTU-22-654020 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.
+    - audit_rules_privileged_commands_chage
+
+    # UBTU-22-654125 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the usermod command.
+    - audit_rules_privileged_commands_usermod
+
+    # UBTU-22-654040 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the crontab command.
+    - audit_rules_privileged_commands_crontab
+
+    # UBTU-22-654075 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
+    - audit_rules_privileged_commands_pam_timestamp_check
+
+    # UBTU-22-654175 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the init_module and finit_module syscall.
+    - audit_rules_kernel_module_loading_init
+    - audit_rules_kernel_module_loading_finit
+
+    # UBTU-22-654170 The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the delete_module syscall
+    - audit_rules_kernel_module_loading_delete
+
+    # UBTU-22-653010 The Ubuntu operating system must have the "auditd" package installed
+    - package_audit_installed
+
+    # UBTU-22-653015 The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.
+    - service_auditd_enabled
+
+    # UBTU-22-212015 The Ubuntu operating system must initiate session audits at system start-up.
+    - grub2_audit_argument
+
+    # UBTU-22-232035 The Ubuntu operating system must configure audit tools with a mode of 0755 or less permissive.
+    - file_permissions_audit_binaries
+
+    # UBTU-22-232110 The Ubuntu operating system must configure audit tools to be owned by root.
+    - file_ownership_audit_binaries
+
+    # UBTU-22-651030 The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools.
+    - aide_check_audit_tools
+
+    # UBTU-22-654230 The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.
+    - audit_rules_suid_privilege_function
+
+    ### TODO
+    # UBTU-22-653035 The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility.
+    - auditd_audispd_configure_sufficiently_large_partition
+
+    ### TODO
+    # UBTU-22-653020 The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited.
+    #- var_audispd_remote_server=192.168.122.126
+    - package_audit-audispd-plugins_installed
+    - auditd_audispd_configure_remote_server
+
+    # UBTU-22-653040 The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.
+    - var_auditd_space_left_percentage=25pc
+    - var_auditd_space_left_action=email
+    - auditd_data_retention_space_left_action
+    - auditd_data_retention_space_left
+
+    # UBTU-22-252020 The Ubuntu operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
+    - ensure_rtc_utc_configuration
+
+    # UBTU-22-654235 The Ubuntu operating system must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access.
+    - audit_sudo_log_events
+
+    # UBTU-22-654185 The Ubuntu operating system must generate audit records for any successful/unsuccessful use of unlink, unlinkat, rename, renameat, and rmdir system calls.
+    - audit_rules_file_deletion_events_unlink
+    - audit_rules_file_deletion_events_rmdir
+    - audit_rules_file_deletion_events_renameat
+    - audit_rules_file_deletion_events_rename
+    - audit_rules_file_deletion_events_unlinkat
+
+    # UBTU-22-654200 The Ubuntu operating system must generate audit records for the /var/log/wtmp file.
+    - audit_rules_session_events_wtmp
+
+    # UBTU-22-654205 The Ubuntu operating system must generate audit records for the /var/run/wtmp file.
+    - audit_rules_session_events_utmp
+
+    # UBTU-22-654195 The Ubuntu operating system must generate audit records for the /var/log/btmp file.
+    - audit_rules_session_events_btmp
+
+    # UBTU-22-654060 The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use modprobe command
+    - audit_rules_privileged_commands_modprobe
+
+    ### TODO (double check, focal uses kmod_0)
+    # UBTU-22-654055 The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the kmod command.
+    - audit_rules_privileged_commands_kmod
+
+    # UBTU-22-654045 The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the fdisk command.
+    - audit_rules_privileged_commands_fdisk
+
+    ### TODO
+    # UBTU-22-651035 The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems.
+    - auditd_offload_logs
+
+    ### TODO
+    # UBTU-22-412020 The Ubuntu operating system must limit the number of concurrent sessions to ten for all accounts and/or account types.
+    - var_accounts_max_concurrent_login_sessions=10
+    - accounts_max_concurrent_login_sessions
+
+    # UBTU-22-213010 The Ubuntu operating system must restrict access to the kernel message buffer.
+    - sysctl_kernel_dmesg_restrict
+
+    ### TODO
+    # UBTU-22-652015 The Ubuntu operating system must monitor remote access methods.
+    - rsyslog_remote_access_monitoring
+
+    # UBTU-22-611070 The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-3 approved cryptographic hashing algorithm.
+    - set_password_hashing_algorithm_logindefs
+
+    # UBTU-22-215035 The Ubuntu operating system must not have the telnet package installed.
+    - package_telnetd_removed
+
+    # UBTU-22-215030 The Ubuntu operating system must not have the rsh-server package installed.
+    - package_rsh-server_removed
+
+    # UBTU-22-251030 The Ubuntu operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
+    - ufw_only_required_services
+
+    # UBTU-22-411010 The Ubuntu operating system must prevent direct login into the root account.
+    - prevent_direct_root_logins
+
+    # UBTU-22-411035 The Ubuntu operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
+    - account_disable_post_pw_expiration
+
+    ### TODO
+    # UBTU-22-411040 The Ubuntu operating system must provision temporary user accounts with an expiration time of 72 hours or less.
+    - account_temp_expire_date
+
+    # UBTU-22-232145 The Ubuntu operating system must set a sticky bit  on all public directories to prevent unauthorized and unintended information transferred via shared system resources.
+    - dir_perms_world_writable_sticky_bits
+
+    ### TODO
+    # UBTU-22-253010 The Ubuntu operating system must be configured to use TCP syncookies.
+    - sysctl_net_ipv4_tcp_syncookies
+
+    # UBTU-22-213015 The Ubuntu operating system must disable kernel core dumps  so that it can fail to a secure state if system initialization fails, shutdown fails or aborts fail.
+    - service_kdump_disabled
+
+    # UBTU-22-231010 Ubuntu operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
+    - encrypt_partitions
+
+    ### TODO
+    # UBTU-22-211010 The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP).
+    #- package_mfetp_installed
+
+    # UBTU-22-232026 The Ubuntu operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
+    - permissions_local_var_log
+
+    # UBTU-22-232125 The Ubuntu operating system must configure the /var/log directory to be group-owned by syslog.
+    - file_groupowner_var_log
+
+    # UBTU-22-232120 The Ubuntu operating system must configure the /var/log directory to be owned by root.
+    - file_owner_var_log
+
+    # UBTU-22-232025 The Ubuntu operating system must configure the /var/log directory to have mode 0750 or less permissive.
+    - file_permissions_var_log
+
+    # UBTU-22-232135 The Ubuntu operating system must configure the /var/log/syslog file to be group-owned by adm.
+    - file_groupowner_var_log_syslog
+
+    # UBTU-22-232130 The Ubuntu operating system must configure /var/log/syslog file to be owned by syslog.
+    - file_owner_var_log_syslog
+
+    # UBTU-22-232030 The Ubuntu operating system must configure /var/log/syslog file with mode 0640 or less permissive.
+    - file_permissions_var_log_syslog
+
+    # UBTU-22-232010 The Ubuntu operating system must have directories that contain system commands set to a mode of 0755 or less permissive.
+    - dir_permissions_binary_dirs
+
+    # UBTU-22-232040 The Ubuntu operating system must have directories that contain system commands owned by root.
+    - dir_ownership_binary_dirs
+
+    # UBTU-22-232045 The Ubuntu operating system must have directories that contain system commands group-owned by root.
+    - dir_groupownership_binary_dirs
+
+    # UBTU-22-232020 The Ubuntu operating system library files must have mode 0755 or less permissive.
+    - file_permissions_library_dirs
+
+    # UBTU-22-232070 The Ubuntu operating system library files must be owned by root.
+    - file_ownership_library_dirs
+
+    # UBTU-22-232060 The Ubuntu operating system library directories must be owned by root.
+    - dir_ownership_library_dirs
+
+    # UBTU-22-232075 The Ubuntu operating system library files must be group-owned by root.
+    - root_permissions_syslibrary_files
+
+    # UBTU-22-232065 The Ubuntu operating system library directories must be group-owned by root.
+    - dir_group_ownership_library_dirs
+
+    # UBTU-22-652010 The Ubuntu operating system must be configured to preserve log records from failure events.
+    - service_rsyslog_enabled
+
+    # UBTU-22-251010 The Ubuntu operating system must have an application firewall installed in order to control remote access methods.
+    - package_ufw_installed
+
+    # UBTU-22-215015 The Ubuntu operating system must have the "chrony" package installed
+    - package_chrony_installed
+
+    ### TODO
+    # UBTU-22-252010 The Ubuntu operating system must, for networked systems, compare internal information system clocks at least every 24 hours with a server which is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).
+    - var_time_service_set_maxpoll=18_hours
+    - chronyd_or_ntpd_set_maxpoll
+
+    ### TODO
+    # UBTU-22-252015 The Ubuntu operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.
+    - chronyd_sync_clock
+
+    # UBTU-22-651020 The Ubuntu operating system must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the System Administrator when changes to the baseline configuration or anomalies in the oper
+    - aide_disable_silentreports
+
+    ### TODO
+    # UBTU-22-214010 The Ubuntu operating system's Advance Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.
+    - apt_conf_disallow_unauthenticated
+
+    # UBTU-22-431010 The Ubuntu operating system must be configured to use AppArmor.
+    - package_apparmor_installed
+
+    # UBTU-22-431015 The Ubuntu operating system must be configured to use AppArmor.
+    - apparmor_configured
+
+    # UBTU-22-411020 The Ubuntu operating system must allow the use of a temporary password for system logons with an immediate change to a permanent password.
+    - policy_temp_passwords_immediate_change
+
+    ### TODO
+    # UBTU-22-631015 The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.
+    - sssd_offline_cred_expiration
+
+    # UBTU-22-671010 The Ubuntu operating system must implement NIST FIPS-validated cryptography  to protect classified information and for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
+    - is_fips_mode_enabled
+
+    ### TODO
+    # UBTU-22-631010 The Ubuntu operating system must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
+    - only_allow_dod_certs
+
+    ### TODO
+    # UBTU-22-251025 The Ubuntu operating system must configure the uncomplicated firewall to rate-limit impacted network interfaces.
+    - ufw_rate_limit
+
+    ### TODO
+    # UBTU-22-213025 The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.
+    - bios_enable_execution_restrictions
+
+    # UBTU-22-213020 The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
+    - sysctl_kernel_randomize_va_space
+
+    # UBTU-22-214015 The Ubuntu operating system must be configured so that Advance Package Tool (APT) removes all software components after updated versions have been installed.
+    - clean_components_post_updating
+
+    # UBTU-22-651010 The Ubuntu operating system must use a file integrity tool to verify correct operation of all security functions.
+    - package_aide_installed
+
+    ### TODO
+    # UBTU-22-651015 The Ubuntu operating system must use a file integrity tool to verify correct operation of all security functions.
+    - aide_build_database
+
+    ### TODO
+    # UBTU-22-412015 The Ubuntu operating system must display the date and time of the last successful account logon upon logon.
+    - display_login_attempts
+
+    # UBTU-22-251015 The Ubuntu operating system must have an application firewall enabled.
+    - service_ufw_enabled
+
+    # UBTU-22-251020 The Ubuntu operating system must have an application firewall enabled.
+    # same as UBTU-22-251015
+
+    ### TODO
+    # UBTU-22-291015 The Ubuntu operating system must disable all wireless network adapters.
+    - wireless_disable_interfaces
+
+    # UBTU-22-232015 The Ubuntu operating system must have system commands set to a mode of 0755 or less permissive.
+    # rule has a few extra directories
+    - file_permissions_binary_dirs
+
+    # UBTU-22-232050 The Ubuntu operating system must have system commands owned by root.
+    - file_ownership_binary_dirs
+
+    # UBTU-22-232055 The Ubuntu operating system must have system commands group-owned by root.
+    - file_groupownership_system_commands_dirs
+
+    ### TODO
+    # UBTU-22-271030 The Ubuntu operating system must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface is installed.
+    - dconf_gnome_disable_ctrlaltdel_reboot
+
+    # UBTU-22-211015 The Ubuntu operating system must disable the x86 Ctrl-Alt-Delete key sequence.
+    - disable_ctrlaltdel_reboot
+    - disable_ctrlaltdel_burstaction
+
+    # UBTU-22-291010 The Ubuntu operating system must disable automatic mounting of Universal Serial Bus (USB) mass storage driver.
+    - kernel_module_usb-storage_disabled
+
+    # UBTU-22-611065 The Ubuntu operating system must not have accounts configured with blank or null passwords.
+    - no_empty_passwords_etc_shadow
+
+    # UBTU-22-611060 The Ubuntu operating system must not allow accounts configured with blank or null passwords.
+    - no_empty_passwords
+
+    ### TODO (fix dconf issues)
+    # UBTU-22-271025 must initiate a graphical session lock after 15 minutes of inactivity
+    - inactivity_timeout_value=15_minutes
+    - var_screensaver_lock_delay=immediate
+    - dconf_gnome_screensaver_lock_delay
+    - dconf_gnome_screensaver_idle_delay
+
+    # UBTU-22-654220 The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers file occur
+    - audit_rules_sudoers
+
+    # UBTU-22-654225 The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers.d directory occur
+    - audit_rules_sudoers_d
+
+    ### TODO (rule needed; reevaluate requirement)
+    # Analogous to set_password_hashing_algorithm_passwordauth
+    # UBTU-22-611055 The Ubuntu operating system must store only encrypted representations of passwords
+
+    ### TODO (rule needed)
+    # Analogous to audit_rules_login_events_lastlog
+    # UBTU-22-654190 The Ubuntu operating system must generate audit records for all events that affect the systemd journal files
+
+    ### TODO (rule needed)
+    # Analogous to package_telnetd_removed
+    # UBTU-22-215025 The Ubuntu operating system must not have the "ntp" package installed
+
+    ### TODO (rule needed)
+    # Analogous to package_telnetd_removed
+    # UBTU-22-215020 The Ubuntu operating system must not have the "systemd-timesyncd" package installed
+
+    ### TODO (rule needed; reevaluate permissions)
+    # Similar to file_permissions_library_dirs and dir_permissions_library_dirs
+    # UBTU-22-232027 The Ubuntu operating system must generate system journal entries without revealing information that could be exploited by adversaries
+
+    ### TODO (rule needed)
+    # Analogous to directory_ownership_var_log_audit
+    # UBTU-22-232080 The Ubuntu operating system must configure the directories used by the system journal to be owned by "root"
+
+    ### TODO (rule needed)
+    # Analogous to directory_group_ownership_var_log_audit
+    # UBTU-22-232085 The Ubuntu operating system must configure the directories used by the system journal to be group-owned by "systemd-journal"
+
+    ### TODO (rule needed)
+    # Analogous to file_ownership_var_log_audit
+    # UBTU-22-232090 The Ubuntu operating system must configure the files used by the system journal to be owned by "root"
+
+    ### TODO (rule needed)
+    # Analogous to file_group_ownership_var_log_audit
+    # UBTU-22-232095 The Ubuntu operating system must configure the files used by the system journal to be group-owned by "systemd-journal"
+
+    ### TODO (rule needed)
+    # Similar to file_ownership_var_log_audit
+    # UBTU-22-232100 The Ubuntu operating system must be configured so that the "journalctl" command is owned by "root"
+
+    ### TODO (rule needed)
+    # Similar to file_group_ownership_var_log_audit
+    # UBTU-22-232105 The Ubuntu operating system must be configured so that the "journalctl" command is group-owned by "root"
+
+    ### TODO (rule needed)
+    # Similar to file_permissions_var_log_audit
+    # UBTU-22-232140 The Ubuntu operating system must be configured so that the "journalctl" command is not accessible by unauthorized users
+