Ubuntu
scap-security-guide package

How to get SCAP Security Guide for Ubuntu 22.04

Asked by Sanjay Nipane

Hi,

We are implementing Hardening and Compliance check for Linux family OS. We just now implemented for Ubuntu 20.04 using OpenSCAP tools.

For generating SCAP Security Guide for Ubuntu 20.04, we had enabled usg tool on the Azure VM and then ran oscap command to generate the configuration evaluation -

sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server --results-arf arf.xml --report report.html /usr/share/ubuntu-scap-security-guides/1/benchmarks/ssg-ubuntu2004-ds.xml

For Ubuntu 22.04, when we are following same commands then we get error as. - ´Ubuntu Security Guide is not available for Ubuntu 22.04 LTS (Jammy Jellyfish).´

Please advise if we have any way to get this SSG guide.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu scap-security-guide Edit question
Assignee:
No assignee Edit question
Solved by:
Sanjay Nipane
Solved:
Last query:
Last reply:
Revision history for this message
Bernard Stafford (bernard010) said : 		#1

https://static.open-scap.org/ssg-guides/ssg-ubuntu2204-guide-cis_level1_server.html
https://ubuntu.com/security/certifications/docs/usg

Revision history for this message
Sanjay Nipane (nipanesanjay) said : 		#2

Thanks Bernard for quick feedback. The SSG guide we know. The question is how we can generate it through commands on the target Ubuntu 22.04 VM. Running same commands which we used for Ubuntu 20.04, those are not giving the same result. it gives error message as - ´Ubuntu Security Guide is not available for Ubuntu 22.04 LTS (Jammy Jellyfish).´

Following are the commands which we are running.

sudo apt-get update

# Installs Ubuntu advantage tools
sudo apt install ubuntu-advantage-tools

# Configure the ua tool using the Open scap keys which is stored in Github secrets
sudo ua attach <token>

# Command to enable the usg tool
sudo ua enable usg
-- Error appears at this stage while enabling usg

# Command to install the usg tool
sudo apt install usg -y

# Run OpenSCAP to do compliance check and generate the html report with a specific file name.
sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server --results-arf arf.xml --report $1 /usr/share/ubuntu-scap-security-guides/1/benchmarks/ssg-ubuntu2004-ds.xml

Revision history for this message
Sanjay Nipane (nipanesanjay) said : 		#3

Hi, please advise if anyone is having any idea (or alternative) around this problem.

Revision history for this message
Sanjay Nipane (nipanesanjay) said : 		#4

Hi team,

Can anyone please advise on this issue. Thanks

Revision history for this message
Sanjay Nipane (nipanesanjay) said : 		#5

Hi,

From this link - https://github.com/ComplianceAsCode/content/releases we found the ssg-ubuntu2004-ds.xml file and then after installing OpenSCAP tool on the VM, we were able to generate the evaluation report for Ubuntu 22.04