Update PowerSTIG to Parse/Apply CAN_Ubuntu_18-04_LTS_V2R10_STIG (#1208)

* added support for ubuntu V2R10

* added changelog update

* added org settings

* added RHEL7 V3R10 (#1207)

* added support for ubuntu V2R10

* added changelog update

* added org settings

* fixed typo in readme

CHANGELOG.md

@@ -3,6 +3,7 @@
 ## [Unreleased]
 
 * Update PowerSTIG to Parse/Apply Red Hat Enterprise Linux 7 STIG V3R10: [#1193](https://github.com/microsoft/PowerStig/issues/1193)
+* Update PowerSTIG to Parse/Apply CAN_Ubuntu_18-04_LTS_V2R10_STIG: [#1191](https://github.com/microsoft/PowerStig/issues/1191)
 * Update PowerSTIG to Parse/Apply Microsoft IIS 10.0 STIG V2R8: [#1196](https://github.com/microsoft/PowerStig/issues/1196)
 * Update PowerSTIG to Parse/Apply Google Chrome V2R8 [#1192](https://github.com/microsoft/PowerStig/issues/1192)
 * Update PowerSTIG to Parse/Apply Microsoft IIS 8.5 Site V2R7 & Server STIG V2R5 [#1195](https://github.com/microsoft/PowerStig/issues/1195)

README.md

@@ -72,7 +72,7 @@ For detailed information, please see the [StigData Wiki](https://github.com/Micr
 
 PowerStig.DSC is not really a specific module, but rather a collection of PowerShell Desired State Configuration (DSC) composite resources to manage the configurable items in each STIG.
 Each composite uses [PowerStig.Data](#powerstigdata) classes to retrieve PowerStig XML.
-This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can them be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
+This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can then be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
 
 ### Composite Resources
 

source/Module/Common/Functions.XccdfXml.ps1

@@ -514,8 +514,8 @@ function Split-BenchmarkId
         {$PSItem -match 'Ubuntu'}
         {
             $ubuntuId = $id -split '_'
-            $ubuntuVersion = $ubuntuId[3] -replace '-', '.'
-            $returnId = '{0}_{1}' -f $ubuntuId[2], $ubuntuVersion
+            $ubuntuVersion = $ubuntuId[-1] -replace '-', '.'
+            $returnId = '{0}_{1}' -f $ubuntuId[-2], $ubuntuVersion
             continue
         }
         default

source/StigData/Archive/Linux.Ubuntu/U_CAN_Ubuntu_18-04_LTS_STIG_V2R8_Manual-xccdf.log → source/StigData/Archive/Linux.Ubuntu/U_CAN_Ubuntu_18-04_LTS_STIG_V2R10_Manual-xccdf.log

@@ -8,3 +8,4 @@ V-219303::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc
 V-219306::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'auth.*,authpriv.* /var/log/secure'; DoesNotContainPattern = '#\s*auth\.\*,\s*authpriv\.\*.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'daemon.notice /var/log/messages'; DoesNotContainPattern = '#\sdaemon.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}
 V-219307::Ciphers aes256-ctr,aes192-ctr, aes128-ctr::Ciphers aes256-ctr,aes192-ctr,aes128-ctr
 V-219339::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'install usb-storage /bin/true'; DoesNotContainPattern = '#\s*install\s*usb-storage\s*/bin/true'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'blacklist usb-storage'; DoesNotContainPattern = '#\s*blacklist\s*usb-storage'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}
+V-219343::*::HardCodedRule(nxPackageRule)@{DscResource = 'nxPackage'; Ensure = 'Present'; Name = 'aide'}

source/StigData/Processed/Ubuntu-18.04-2.8.org.default.xml → source/StigData/Processed/Ubuntu-18.04-2.10.org.default.xml

@@ -1,43 +1,43 @@
-<!--
-    The organizational settings file is used to define the local organizations
-    preferred setting within an allowed range of the STIG.
-
-    Each setting in this file is linked by STIG ID and the valid range is in an
-    associated comment.
--->
-<OrganizationalSettings fullversion="2.8">
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the space_left_action parameter is set to "email" set the action_mail_acct parameter to an e-mail address for the System Administrator (SA) and Information System Security Officer (ISSO). If the space_left_action parameter is set to "exec", make sure the command being execute notifies the System Administrator (SA) and Information System Security Officer (ISSO).-->
-  <OrganizationalSetting id="V-219152.a" ContainsLine="space_left_action = email" DoesNotContainPattern="^#\s*space_left_action.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: Set the space_left parameter to be, at least, 25% of the repository maximum audit record storage capacity. -->
-  <OrganizationalSetting id="V-219152.b" ContainsLine="" DoesNotContainPattern="" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the remote_server parameter is not set or is set with a local address, or is set with invalid address, this is a finding i.e.: remote_server = <your remote audit log server ip>-->
-  <OrganizationalSetting id="V-219153.c" ContainsLine="" DoesNotContainPattern="" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "ucredit" parameter is greater than "-1", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219172" ContainsLine="ucredit=-1" DoesNotContainPattern="^#\s*ucredit.*$|^ucredit\s*=\s*(?!-1\b)\w*$" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "lcredit" parameter is greater than "-1", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219173" ContainsLine="lcredit=-1" DoesNotContainPattern="^#\s*lcredit.*$|^lcredit\s*=\s*(?!-1\b)\w*$" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "dcredit" parameter is greater than "-1", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219174" ContainsLine="dcredit=-1" DoesNotContainPattern="^#\s*dcredit.*$|^dcredit\s*=\s*(?!-1\b)\w*$" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "difok" parameter is less than "8", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219175" ContainsLine="difok=8" DoesNotContainPattern="^\s*difok\s*=\s*(-|)[0-7]$|#\s*difok\s*=.*|difok\s+=\s+.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ENCRYPT_METHOD" does not equal SHA512 or greater, this is a finding." -->
-  <OrganizationalSetting id="V-219176" ContainsLine="ENCRYPT_METHOD SHA512" DoesNotContainPattern="#\s*ENCRYPT_METHOD\s*SHA512" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "PASS_MIN_DAYS" parameter value is less than 1, or commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219178" ContainsLine="PASS_MIN_DAYS 1" DoesNotContainPattern="^\s*PASS_MIN_DAYS\s*[0]*$|#\s*PASS_MIN_DAYS.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "PASS_MAX_DAYS" parameter value is less than 60, or commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219179" ContainsLine="PASS_MAX_DAYS 60" DoesNotContainPattern="^\s*PASS_MAX_DAYS\s*([6][1-9]|[7-9][0-9]|\d{3,})$|#\s*PASS_MAX_DAYS.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "minlen" parameter value is not 15 or higher, or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219181" ContainsLine="minlen=15" DoesNotContainPattern="^\s*minlen\s*=\s*([0-9]|[1][1-4])$|#\s*minlen.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "ocredit" parameter is greater than "-1", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219210" ContainsLine="ocredit=-1" DoesNotContainPattern="^#\s*ocredit.*$|^ocredit\s*=\s*(?!-1)\w*$" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of the "action_mail_acct" keyword is not set to "root" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the returned line is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219226" ContainsLine="action_mail_acct = root" DoesNotContainPattern="#\s*action_mail_acct\s*=\s*root" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding. -->
-  <OrganizationalSetting id="V-219227" ContainsLine="disk_full_action = HALT" DoesNotContainPattern="#\s*disk_full_action.*|^\s*disk_full_action\s*=\s*(?!HALT\b)\w+" />
-    <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "maxlogins" item is missing, or the value is not set to 10 or less, or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219301" ContainsLine="* hard maxlogins 10" DoesNotContainPattern="^\s*\*\s*hard\s*maxlogins\s*([1][1-9]|[2-9]\d+|[1-9][0-9]\d+)$|^#\s*\*\s*hard\s*maxlogins." />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/autologout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
-  <OrganizationalSetting id="V-219303.b" ContainsLine="TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ClientAliveInterval" does not exist, is not set to a value of "600" or less in "/etc/ssh/sshd_config", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219311" ContainsLine="ClientAliveInterval 600" DoesNotContainPattern="^\s*ClientAliveInterval\s*[0-5]?[0-9]?[0-9]?\s*$|^#\s*ClientAliveInterval.*|^\s*ClientAliveInterval\s*$" />
-</OrganizationalSettings>
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="2.9">
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the space_left_action parameter is set to "email" set the action_mail_acct parameter to an e-mail address for the System Administrator (SA) and Information System Security Officer (ISSO). If the space_left_action parameter is set to "exec", make sure the command being execute notifies the System Administrator (SA) and Information System Security Officer (ISSO).-->
+  <OrganizationalSetting id="V-219152.a" ContainsLine="space_left_action = email" DoesNotContainPattern="^#\s*space_left_action.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: Set the space_left parameter to be, at least, 25% of the repository maximum audit record storage capacity. -->
+  <OrganizationalSetting id="V-219152.b" ContainsLine="" DoesNotContainPattern="" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the remote_server parameter is not set or is set with a local address, or is set with invalid address, this is a finding i.e.: remote_server = <your remote audit log server ip>-->
+  <OrganizationalSetting id="V-219153.c" ContainsLine="" DoesNotContainPattern="" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "ucredit" parameter is greater than "-1", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219172" ContainsLine="ucredit=-1" DoesNotContainPattern="^#\s*ucredit.*$|^ucredit\s*=\s*(?!-1\b)\w*$" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "lcredit" parameter is greater than "-1", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219173" ContainsLine="lcredit=-1" DoesNotContainPattern="^#\s*lcredit.*$|^lcredit\s*=\s*(?!-1\b)\w*$" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "dcredit" parameter is greater than "-1", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219174" ContainsLine="dcredit=-1" DoesNotContainPattern="^#\s*dcredit.*$|^dcredit\s*=\s*(?!-1\b)\w*$" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "difok" parameter is less than "8", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219175" ContainsLine="difok=8" DoesNotContainPattern="^\s*difok\s*=\s*(-|)[0-7]$|#\s*difok\s*=.*|difok\s+=\s+.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ENCRYPT_METHOD" does not equal SHA512 or greater, this is a finding." -->
+  <OrganizationalSetting id="V-219176" ContainsLine="ENCRYPT_METHOD SHA512" DoesNotContainPattern="#\s*ENCRYPT_METHOD\s*SHA512" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "PASS_MIN_DAYS" parameter value is less than 1, or commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219178" ContainsLine="PASS_MIN_DAYS 1" DoesNotContainPattern="^\s*PASS_MIN_DAYS\s*[0]*$|#\s*PASS_MIN_DAYS.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "PASS_MAX_DAYS" parameter value is less than 60, or commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219179" ContainsLine="PASS_MAX_DAYS 60" DoesNotContainPattern="^\s*PASS_MAX_DAYS\s*([6][1-9]|[7-9][0-9]|\d{3,})$|#\s*PASS_MAX_DAYS.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "minlen" parameter value is not 15 or higher, or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219181" ContainsLine="minlen=15" DoesNotContainPattern="^\s*minlen\s*=\s*([0-9]|[1][1-4])$|#\s*minlen.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "ocredit" parameter is greater than "-1", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219210" ContainsLine="ocredit=-1" DoesNotContainPattern="^#\s*ocredit.*$|^ocredit\s*=\s*(?!-1)\w*$" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of the "action_mail_acct" keyword is not set to "root" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the returned line is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219226" ContainsLine="action_mail_acct = root" DoesNotContainPattern="#\s*action_mail_acct\s*=\s*root" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding. -->
+  <OrganizationalSetting id="V-219227" ContainsLine="disk_full_action = HALT" DoesNotContainPattern="#\s*disk_full_action.*|^\s*disk_full_action\s*=\s*(?!HALT\b)\w+" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "maxlogins" item is missing, or the value is not set to 10 or less, or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219301" ContainsLine="* hard maxlogins 10" DoesNotContainPattern="^\s*\*\s*hard\s*maxlogins\s*([1][1-9]|[2-9]\d+|[1-9][0-9]\d+)$|^#\s*\*\s*hard\s*maxlogins." />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/autologout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
+  <OrganizationalSetting id="V-219303.b" ContainsLine="TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ClientAliveInterval" does not exist, is not set to a value of "600" or less in "/etc/ssh/sshd_config", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219311" ContainsLine="ClientAliveInterval 600" DoesNotContainPattern="^\s*ClientAliveInterval\s*[0-5]?[0-9]?[0-9]?\s*$|^#\s*ClientAliveInterval.*|^\s*ClientAliveInterval\s*$" />
+</OrganizationalSettings>