ubuntu24-stig
DISA STIG V1R1 hardening for Ubuntu 24.04 LTS on AWS EC2. Covers OpenSCAP scanning, idempotent shell remediation for MAC-2_Sensitive, and a catalogue of the most common failures with their exact fixes.
When to use
- Running an OpenSCAP SCAP scan with `U_CAN_Ubuntu_24-04_LTS_V1R1_STIG_SCAP_1-3_Benchmark.xml`
- Applying MAC-2_Sensitive or MAC-2_Public remediation via shell script
- Fixing individual failing STIG rules (auditd, SSH, PAM, AIDE, sysctl)
- Reviewing a scan result and explaining what each `fail` means
- Preparing an AWS EC2 instance for a STIG compliance audit
Do NOT use for:
- Ubuntu 22.04 (different STIG benchmark — use U_CAN_Ubuntu_22-04_LTS V1R2)
- Non-Ubuntu distros (RHEL, Amazon Linux have separate benchmarks)
- Graphical workstation hardening (most GUI rules are `notapplicable` on headless EC2)