ubuntu24-stig

Installation
SKILL.md

ubuntu24-stig

DISA STIG V1R1 hardening for Ubuntu 24.04 LTS on AWS EC2. Covers OpenSCAP scanning, idempotent shell remediation for MAC-2_Sensitive, and a catalogue of the most common failures with their exact fixes.

When to use

  • Running an OpenSCAP SCAP scan with U_CAN_Ubuntu_24-04_LTS_V1R1_STIG_SCAP_1-3_Benchmark.xml
  • Applying MAC-2_Sensitive or MAC-2_Public remediation via shell script
  • Fixing individual failing STIG rules (auditd, SSH, PAM, AIDE, sysctl)
  • Reviewing a scan result and explaining what each fail means
  • Preparing an AWS EC2 instance for a STIG compliance audit

Do NOT use for:

  • Ubuntu 22.04 (different STIG benchmark — use U_CAN_Ubuntu_22-04_LTS V1R2)
  • Non-Ubuntu distros (RHEL, Amazon Linux have separate benchmarks)
  • Graphical workstation hardening (most GUI rules are notapplicable on headless EC2)

Installs
2
First Seen
May 23, 2026
ubuntu24-stig — andreab67/agent-skills