Auditing an Ubuntu System for DISA-STIG compliance

Auditing

An Ubuntu system can be audited for the DISA-STIG rules using the usg command.

$ sudo usg audit disa_stig

The usg audit command will automatically create an HTML report, to be viewed using a browser as well as an XML report and they will be stored at /var/lib/usg/.

Customizing the DISA-STIG compliance

Not all rules can be applied without additional input from the operator. You can provide that input using a tailoring file, as demonstrated below. Furthermore, a tailoring file allows you to select the rules to comply or not comply against.

  1. Generate a tailoring file
    $ sudo usg generate-tailoring disa_stig tailor.xml

  2. Edit the tailoring file and go through the rules shown as comments.

For example to set the remote auditd server (rule UBTU-20-010216), find the text:

<!-- UBTU-20-010216
<xccdf:set-value idref="var_audispd_remote_server">logcollector</xccdf:set-value>

And replace the logcollector with the name of the server. To disable the rule, replace “selected=true” with “selected=false”.

  1. Audit using the new tailoring file
    usg audit --tailoring-file tailor.xml

  2. Fix using the new tailoring file
    usg fix --tailoring-file tailor.xml

This page was last modified 1 year, 9 months ago. Help improve this document in the forum.