IBM BigFix Compliance: Updated CIS Checklist for Ubuntu 14.04 LTS Server and Ubuntu 16.04 LTS Server published 2017-09-27

IBM BigFix Compliance

Updated CIS Checklist for Ubuntu 14.04 LTS Server and Ubuntu 16.04 LTS Server to fix a remediation action defect

Security Benchmark:
CIS Ubuntu Linux 14.04 LTS Benchmark, v2.0.0
CIS Ubuntu Linux 16.04 LTS Benchmark, v1.0.0

Published Sites:
CIS Checklist for Ubuntu 14.04 LTS Server, site version 4
CIS Checklist for Ubuntu 16.04 LTS Server, site version 3
(The site version is provided for air-gap customers.)

· xccdf_org.cisecurity.benchmarks_rule_5.3.4_Ensure_password_hashing_algorithm_is_SHA-512 : “(L1) Ensure_password_hashing_algorithm_is_SHA-512”, the remediation was not working correctly as it was replacing every occurrence of ‘sha’ with ‘sha512’ i.e replacing ‘shadow’ with ‘sha512’ instead of replacing other hashing algorithm with “sha512”. This was fixed by modifying the remediation logic to replace only other hashing algorithms with ‘sha512’ and not alter any other words that have ‘sha’ present in it.

Actions to take:
· If you are already subscribed to this site, no action is needed.

· To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product and you must be using IBM BigFix version 9.2 and later.

More information:
To know more about the IBM BigFix Compliance SCM checklists, please see the following resources:
IBM Developer Works:!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists

IBM BigFix Blog:

IBM BigFix Forum:

We hope you find this latest release of SCM content useful and effective. Thank you!

– The IBM BigFix Compliance team