Auditing an Ubuntu System for DISA-STIG compliance

Auditing

An Ubuntu system can be audited for the DISA-STIG rules using the usg command.

$ sudo usg audit disa_stig

The usg audit command automatically creates an HTML report (to be viewed in a browser) as well as an XML report; both are stored under /var/lib/usg/.

Customizing the DISA-STIG compliance

Not all rules can be applied without additional input from the operator. You can provide that input using a tailoring file, as demonstrated below. A tailoring file also lets you select which rules to apply and which to skip.

  1. Generate a tailoring file
    $ sudo usg generate-tailoring disa_stig tailor.xml

  2. Edit the tailoring file and go through the rules shown as comments.

For example, to set the remote auditd server (rule UBTU-20-010216), find the text:

<!-- UBTU-20-010216
<xccdf:set-value idref="var_audispd_remote_server">logcollector</xccdf:set-value>

and replace logcollector with the name of your server. To disable the rule, replace selected="true" with selected="false" in that rule's select element.

  3. Audit using the new tailoring file
    $ usg audit --tailoring-file tailor.xml

  4. Fix using the new tailoring file
    $ usg fix --tailoring-file tailor.xml
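The two edits described above (changing a set-value and flipping a rule's selected attribute) can be scripted instead of done by hand in an editor. The following is an added example, not code from the original post or from the usg project; it assumes the tailoring file uses the standard XCCDF elements shown above, and the rule idref in the constructed sample is a placeholder, not a real usg rule id.

```shell
#!/bin/sh
# Added example: edit a usg tailoring file non-interactively.
# Assumes standard XCCDF elements:
#   <xccdf:set-value idref="...">value</xccdf:set-value>
#   <xccdf:select idref="..." selected="true"/>
set -eu

# Rewrite a file in place via a temp copy (portable, no GNU sed -i needed).
rewrite() { tmp=$(mktemp); sed "$1" "$2" > "$tmp" && mv "$tmp" "$2"; }

# Set the value of the <xccdf:set-value> element with the given idref.
set_tailoring_value() {
    rewrite "s|\(<xccdf:set-value idref=\"$2\">\)[^<]*\(</xccdf:set-value>\)|\1$3\2|" "$1"
}

# Set the selected attribute (true/false) of a rule's <xccdf:select> element.
set_rule_selected() {
    rewrite "s|\(<xccdf:select idref=\"$2\" selected=\"\)[a-z]*\(\"\)|\1$3\2|" "$1"
}

# Read-back helpers used to verify the edits before running the audit.
get_tailoring_value() {
    sed -n "s|.*<xccdf:set-value idref=\"$2\">\([^<]*\)</xccdf:set-value>.*|\1|p" "$1"
}
get_rule_selected() {
    sed -n "s|.*<xccdf:select idref=\"$2\" selected=\"\([a-z]*\)\".*|\1|p" "$1"
}

# Constructed sample tailoring fragment (not generated by usg); the rule
# idref is a placeholder, the set-value idref is the one from the post.
make_sample_tailoring() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="sample_tailoring">
  <xccdf:Profile id="sample_profile_disa_stig_tailored">
    <!-- UBTU-20-010216 (constructed sample) -->
    <xccdf:select idref="RULE_ID_PLACEHOLDER_010216" selected="true"/>
    <xccdf:set-value idref="var_audispd_remote_server">logcollector</xccdf:set-value>
  </xccdf:Profile>
</xccdf:Tailoring>
EOF
}

# On a real system the flow is:
#   sudo usg generate-tailoring disa_stig tailor.xml
#   set_tailoring_value tailor.xml var_audispd_remote_server audit.example.internal
#   set_rule_selected tailor.xml <rule idref from its comment block> false
#   sudo usg audit --tailoring-file tailor.xml
```

Verify the edits with the get_* helpers before auditing, so a typo in an idref does not silently leave the rule at its default.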
