Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Auditing an Ubuntu System for DISA-STIG compliance

Auditing

An Ubuntu system can be audited for the DISA-STIG rules using the usg command.

$ sudo usg audit disa_stig

The usg audit command will automatically create an HTML report, to be viewed using a browser as well as an XML report and they will be stored at /var/lib/usg/.

Customizing the DISA-STIG compliance

Not all rules can be applied without additional input from the operator. You can provide that input using a tailoring file, as demonstrated below. Furthermore, a tailoring file allows you to select the rules to comply or not comply against.

  1. Generate a tailoring file
    $ sudo usg generate-tailoring disa_stig tailor.xml

  2. Edit the tailoring file and go through the rules shown as comments.

For example to set the remote auditd server (rule UBTU-20-010216), find the text:

<!-- UBTU-20-010216
<xccdf:set-value idref="var_audispd_remote_server">logcollector</xccdf:set-value>

And replace the logcollector with the name of the server. To disable the rule, replace “selected=true” with “selected=false”.

  1. Audit using the new tailoring file
    usg audit --tailoring-file tailor.xml

  2. Fix using the new tailoring file
    usg fix --tailoring-file tailor.xml

This page was last modified 1 year, 4 months ago. Help improve this document in the forum.