The Ubuntu operating system must be a vendor supported release.

STIG ID: UBTU-18-999999  |  SRG: SRG-OS-000480-GPOS-00227 | Severity: high |  CCI: CCI-000366

Vulnerability Discussion

An Ubuntu operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.

Check

Verify the version of the Ubuntu operating system is vendor supported.

Check the version of the Ubuntu operating system with the following command:

# cat /etc/lsb-release

DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"

Validate that "Extended Security Maintenance" support has been purchased from the vendor.
If the operating system does not have a documented "Extended Security Maintenance" agreement in place, this is a finding.

Fix

Upgrade to a supported version of the Ubuntu operating system.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.