An Ubuntu system can be audited for the DISA-STIG rules using the
$ sudo usg audit disa_stig
usg audit command will automatically create an HTML report, to be viewed using a browser as well as an XML report and they will be stored at
Customizing the DISA-STIG compliance
Not all rules can be applied without additional input from the operator. You can provide that input using a tailoring file, as demonstrated below. Furthermore, a tailoring file allows you to select the rules to comply or not comply against.
Generate a tailoring file
$ sudo usg generate-tailoring disa_stig tailor.xml
Edit the tailoring file and go through the rules shown as comments.
For example to set the remote auditd server (rule UBTU-20-010216), find the text:
<!-- UBTU-20-010216 <xccdf:set-value idref="var_audispd_remote_server">logcollector</xccdf:set-value>
And replace the logcollector with the name of the server. To disable the rule, replace “
selected=true” with “
Audit using the new tailoring file
usg audit --tailoring-file tailor.xml
Fix using the new tailoring file
usg fix --tailoring-file tailor.xml