Update PowerSTIG to parse and apply Ubuntu 18.04 LTS STIG - Ver 2, Rel 2 (#832)

* Migrate PowerSTIG to Azure DevOps for Build and Test (#603)

* update folder structure for azure dev ops

* dscresource unit test passing

* updated unit tests

* Unit test pathing update, all passing

* updated unit test to ensure regex data files are loaded

* updated .tests.header for unit\tools directory

* daily commit - Integrated test updates

* updated tests based on testing feedback

* optimized test header based on feedback

* updated build.psd1 case sensitive

* update build agent to windows-2019

* update build and azure yml files

* added hqrm tests to build yml and dependencies

* updated azure-pipelines.yml to include hqrm test

* updated HQRM display name

* updated test exclusion DSCResources

* intro logic to dynamically build requiredmodules

* updated yml to reflect master

* updated changelog.md

* Update azure-pipelines.yml

* rename sources to source (#605)

* Migrate PowerSTIG to Azure DevOps for Build, Test and Release Deployment (#606)

* updated powerstig for dynamic versioning

* updated gitversion to reflect base version

* updated if statement to adhere to style gls

* updated code to adhere to sgl hqrmtest

* updated code to adhere to sgl hqrm tests

* updated code to adhere to sgl hqrm

* update yml files to support CICD pipeline

* updated markdown function

* update change log structure

* updated spacing via PR feedback

* updated 2012R2 STIG after convert tests
reflected a minor delta

* update changelog.md

* Update PowerSTIG to parse and apply Vmware Vsphere 6.5 STIG V1R3 (#607)

* initial commit for vsphere

* updated based on test results

* updated based on vsphere module name

* updated module manifest to check build status

* updated newlines in raw xccdf

* updated newline

* updated newlines in rules

* updated tests

* updated processed Stig name

* updated vsphere schema

* updated composites

* updated spacing

* updated format

* Updated based on feedback

* update required parameter for composite

* updated service rule

* Added Integration DSCResource Vsphere Test

* reverted changes to test

* updated integration tests

* added unit tests

* added unit tests

* added unit tests

* updated formatting based on feedback

* updated based on feedback

* updated comments

* updated tests

* updated changelog.md

* trailing whitespace removed

* updated for HQRM tests

* updated based on pr feedback

* updated case

* update code based on PR feedback

* updated code based on PR feedback.

* updated tests based on PR feedback

* updated test based on PR feedback

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added Ubuntu nxPackage support

* nxPackage update

* added nxService resource script

* added nxFileLine Rule type and structure

* Regex addition to nxFileLine

* daily commit

* convertfactory update

* daily commit

* updated functions

* Unable to Import PowerSTIG 4.4.0 Due to cyclic dependency Error (#617)

* removed vmware.vspheredsc as a dependency because all of its required dependencies are loaded

* updated module load process for VMware modules

* updated build.yaml

* updated test

* Updated tests

* removed stop error action

* updated formatting

* updated based on failing hqrm

* updated module helper

* moved helper module

* updated location of module helper

* reduced vmware.VsphereDSC version

* updated build.yaml

* updated data file

* update module version schema

* updated based on testing

* Update changelog

* Update based on PR feedback

* daily commit

* daily commit

* JUnit commit

* NUnit commit

* daily commit

* daily commit

* update to nxFileLineRule

* ubuntu commit

* Update PowerSTIG to successfully parse/apply Microsoft IIS Server/Site STIG - Ver 1, Rel10 (#623)

* added IIS Server V1R10

* updated changelog and added iis site v1r10

* updated changelog

* removed N-2 STIGS

* Update PowerSTIG to successfully parse Microsoft SQL Server 2012 Database STIG - Ver 1, Rel 20 (#621)

* updated PowerSTIG to use SQL 2012 Database V1R20

* quotes in test

* updated tabs to spaces in sql raw xccdf

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* explicit Pester version due to 5.x (latest) test failures

* Update PowerSTIG to successfully parse/apply Windows Defender Antivirus STIG - V1R8 (#626)

* added new Windows Defender STIG V1R8 removed V1R6

* updated based on PR feedback:

* merged origin

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* initial commit (#640)

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply Microsoft IIS 10 Server/Site STIG - V1R1 (#641)

* added IIS 10.0 Server

* updated IIS 10 site stig

* updated based on tests

* updated based on tests

* updated log file

* added esxi 6.5 v1r4 (#637)

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply Windows Server 2012 DNS STIG - Ver 1, Rel 14 (#635)

* DNS Update commit

* removed DNS 1.12

* explicit version for DscResource.Test

* Update PowerSTIG to allow for workgroup level scans (#643)

* added community requested functionality to not require domain/forest parameters

* updated warning message

* reverted to old module dscresource.test

* Updated based on feedback

* updated sql 2016 instance 1.9 (#638)

* Update PowerSTIG to successfully parse/apply MS SQL Server 2012 Instance Ver. 1 Rel. 20 (#642)

* updated sql 2012 Instance V1R20

* updated Get-SqlTechnologyRole

* removed tabs

* added a new line to the end of xccdf

* update build to use dscresource.test 0.13.1

* updated code based on feedback

* Redhat commit

* daily commit

* daily commit

* daily commit

* daily commit

* daily commit

* updated regex

* updated rule to use hardcoded framework

* updated nxFileLine Rules

* updated processed xml based on banner rule

* updated exclusionlist

* updated TestRange function

* daily commit

* added RHEL composite

* updated RHEL composite and manifest

* Update PowerSTIG with new SkipRuleCategory Parameter to skip entire STIG Category/Severity Level(s) (#740)

* Fixed Missing OrgSettings for V-88203 - Win10 Client 1.19 and 1.21 (#672)

* fixed V-88203 to be org setting with Tenant Guid

* updated changelog.md

* fixed registry rule issue in sql 2016 (#671)

* Release Process Update: Ensure the nuget package uses explicit DSC Resource Module Versions (#670)

* daily commit

* updated build task to leverage nuget

* added new line for Common.Data.ps1

* warning message to troubleshoot ADO pipeline

* updated package tasks

* updated release.module.build

* updated module

* updated release

* updated release

* updated release

* hard coded nuget.exe path

* fixed FilePath parameter

* dynamically detect nuget.exe

* nuget dynamic detection

* testing alternate nuget detection

* updated release to leverage get-command for nuget
detection

* updated code to replace only the task needed

* updated build funct. conform to style guideline

* updated New-NuspecFile function

* Update PowerSTIG to successfully parse/apply Windows 2012 R2 MS Version 2, Rev 19 (#679)

* added support for 2012 R2 V2R19

* added new line to xml

* added Server 2019 V1R5,removed V1R2 (#684)

* Update PowerSTIG to successfully parse/apply Windows 10 STIG - V1R23 (#682)

* Added Windows Client V1R23, Removed Windows Client V1R19

* Added Windows Client V1R23, Removed Windows Client V1R19

* removed random tabs

* removed tabs from converted

* updated based on feedback

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added support for 2016 V1R12 DC/MS (#685)

* Fixed: IIS Server 10.0 STIG hardening rule V-100163 fails with error in Windows Server 2019 while using PowerSTIG 4.4.2 (#689)

* updated PowerSTIG to use AccessControlDsc 1.4.1

* updated composites with AccessControlDsc 1.4.1

* Update PowerSTIG to successfully parse/apply IIS 10.0 Site/Server V1R2 STIGs (#701)

* added support for IIS 10 Site/Server V1R2

* updated IISServer 10 V1R1 org settings file

* Revert "updated IISServer 10 V1R1 org settings file"

This reverts commit 54d4e82.

* added Firefox V4R29 STIG, remove V4R27 (#700)

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply SQL Server 2016 Instance V1R10 (#705)

* added SQL 2016 Instance V1R10, removed V1R8

* Updated changelog.md

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added dns V1R15 (#697)

squash/merge

* Update PowerSTIG To Use xDnsServer version 1.16.0.0 (#703)

* Updated xDnsServer version

* update module version

* updated changelog.md

* upgrade xWebadministration to 3.2.0 (#714)

* added IE 11 STIG - V1R19 (#708)

* Removed Windows Server 2016 DC/MS V1R9 from processed STIGs folder (#710)

* removed old 2016 DC/MS processed STIGs

* updated changelog.md

* Update PowerSTIG to successfully parse/apply IIS Site/Server V1R11 STIGs (#706)

* added support for IIS site/server V1R11

* removed old processed STIGs

* updated AuditPolicyDsc to 1.4.0.0 (#716)

* Allow application of applicable user rights assignments for non-domain and disconnected systems (#719)

* updated based on community feedback

* update based on feedback

* update powerstig to use SecurityPolicyDsc 2.10.0.0 (#717)

* updated PowerSTIG to use ComputerMgmtDsc to 8.4.0 (#721)

* Added SkipRuleCategory support to PowerSTIG

* updating test to be compat with new feature

* updated test configs with dynamic logic

* updated test logic to run get-dscresource once

* updated to disallow skipping doc/man rules

* updated integration dscresource tests

* PR Feedback updates

Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>

* Increase Code Coverage of PowerSTIG to %75 (#742)

* updated tests for increased code cov part 1

* fixed test

* update changelog.md

* update changelog

* tes

* reverted change

* added VsphereNTPsetting tests

* updated checklist test

* updated DomainName Function tests

* updated powerstig xml tests

* added tests for Convertto-PowerSTIGxml and Compare

* updated tests

* updated webconfig property rule test

* updated to convert all STIGS

* removed redundant tests

* update only select one of each STIG

* added all office stigs

* reverted some tests

* updated tests:

* removed dependency for helper files

* updated tests

* removed example folder

* update based on feedback

* updated test

* Increase Code Coverage of PowerSTIG (#745)

* Fixed Missing OrgSettings for V-88203 - Win10 Client 1.19 and 1.21 (#672)

* fixed V-88203 to be org setting with Tenant Guid

* updated changelog.md

* fixed registry rule issue in sql 2016 (#671)

* Release Process Update: Ensure the nuget package uses explicit DSC Resource Module Versions (#670)

* daily commit

* updated build task to leverage nuget

* added new line for Common.Data.ps1

* warning message to troubleshoot ADO pipeline

* updated package tasks

* updated release.module.build

* updated module

* updated release

* updated release

* updated release

* hard coded nuget.exe path

* fixed FilePath parameter

* dynamically detect nuget.exe

* nuget dynamic detection

* testing alternate nuget detection

* updated release to leverage get-command for nuget
detection

* updated code to replace only the task needed

* updated build funct. conform to style guideline

* updated New-NuspecFile function

* Update PowerSTIG to successfully parse/apply Windows 2012 R2 MS Version 2, Rev 19 (#679)

* added support for 2012 R2 V2R19

* added new line to xml

* added Server 2019 V1R5,removed V1R2 (#684)

* Update PowerSTIG to successfully parse/apply Windows 10 STIG - V1R23 (#682)

* Added Windows Client V1R23, Removed Windows Client V1R19

* Added Windows Client V1R23, Removed Windows Client V1R19

* removed random tabs

* removed tabs from converted

* updated based on feedback

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added support for 2016 V1R12 DC/MS (#685)

* Fixed: IIS Server 10.0 STIG hardening rule V-100163 fails with error in Windows Server 2019 while using PowerSTIG 4.4.2 (#689)

* updated PowerSTIG to use AccessControlDsc 1.4.1

* updated composites with AccessControlDsc 1.4.1

* Update PowerSTIG to successfully parse/apply IIS 10.0 Site/Server V1R2 STIGs (#701)

* added support for IIS 10 Site/Server V1R2

* updated IISServer 10 V1R1 org settings file

* Revert "updated IISServer 10 V1R1 org settings file"

This reverts commit 54d4e82.

* added Firefox V4R29 STIG, remove V4R27 (#700)

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply SQL Server 2016 Instance V1R10 (#705)

* added SQL 2016 Instance V1R10, removed V1R8

* Updated changelog.md

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added dns V1R15 (#697)

squash/merge

* Update PowerSTIG To Use xDnsServer version 1.16.0.0 (#703)

* Updated xDnsServer version

* update module version

* updated changelog.md

* upgrade xWebadministration to 3.2.0 (#714)

* added IE 11 STIG - V1R19 (#708)

* Removed Windows Server 2016 DC/MS V1R9 from processed STIGs folder (#710)

* removed old 2016 DC/MS processed STIGs

* updated changelog.md

* Update PowerSTIG to successfully parse/apply IIS Site/Server V1R11 STIGs (#706)

* added support for IIS site/server V1R11

* removed old processed STIGs

* updated AuditPolicyDsc to 1.4.0.0 (#716)

* Allow application of applicable user rights assignments for non-domain and disconnected systems (#719)

* updated based on community feedback

* update based on feedback

* update powerstig to use SecurityPolicyDsc 2.10.0.0 (#717)

* updated PowerSTIG to use ComputerMgmtDsc to 8.4.0 (#721)

* Added SkipRuleCategory support to PowerSTIG

* updating test to be compat with new feature

* updated test configs with dynamic logic

* updated test logic to run get-dscresource once

* updated to disallow skipping doc/man rules

* updated integration dscresource tests

* testing code coverage

* updated registryrule test to include more coverage

* updated sqlscriptqueryrule tests

* updated setScript in Get-ShutdownOnError function

* updated permissionrule tests with add. test case

* updated permRule test to increase code coverage

* updated changelog

* updated test and code coverage threshold

* updated code coverage threshold to 81

* updated CC threshold to 80

Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>

* removed old stig files after merge with 4.6.0

* updated data and log file based on testing

* updated regex data sections based on testing

* updated regex data

* updated regex patterns for does not contain

* added new line in redhat xccdf

* added new line to methods for HQRM

* created new nxFile rule type for banner rule

* update changelog

* updated processed xml

* updated to RHEL V3R1

* updated code to correct auditrule path

* daily commit

* updated nxFileLine to parse rule correctly

* added more rule support

* Update PowerSTIG to include LegacyId to assist in determining Legacy Vuln Ids with the new DISA standard. (#789)

* added support for legacyid in processed xml

* updated change log

* updated tests for legacy id

* updated tests to reflect new base rule prop.

* Update PowerSTIG to fix LegacyId Logic (#792)

* updated legacyid logic

* updated changelog

* corrected changelog entry

* Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 and 2012 R2 MS STIG - Ver 3, Rel 1 (#793)

* added support for Win2012R2 MS 3.1

* updated xccdf to have new line based on feedback

* updated cert changes from Eric and regen 2012R2 MS

* added support for 2012 DC 3.1 (#796)

* Update PowerSTIG to successfully parse/apply Microsoft Windows Server 2019 STIG - Ver 2, Rel 1 (#794)

* initial commit

* updated 2019

* updated 2019 MS v2 Stig

* updated to use correct convert flow

* update changelog.md

* fixed merge error

* added newline to raw xccdf

* added newline

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply Microsoft Windows Defender Antivirus STIG - Ver 2, Rel 1 (#795)

* added support for defender v2 stig

* added newline to raw xccdf

* updated org settings

* removed n-2 processed

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply Microsoft Windows 10 STIG - Ver 2, Rel 1 (#797)

* initial commit

* updated convert

* updated disa copy paste error

* Update PowerSTIG to successfully parse/apply Microsoft Windows Server 2016 STIG - Ver 2, Rel 1 (#798)

* merged 4.7.0 and added 2016 split stig

* added support for 2016 MS-DC v2r1 STIG

* updated default org settings file

* updated Get-StigRule to include legacyid support (#801)

* Update PowerSTIG to Parse/Apply Google Chrome V2R1 (#803)

* initial commit for Chrome

* fixed parse error

* fixed rule

* added support for chrome

* updated changelog

* updated key, removed trailing "

* removed tabs

* updated resource

* updated export function

* updated

* updated based on testing

* Updated based on testing

* updated tests

* updated based on test failure

* updated based on testing

* updated based on testing

* added registry policy file to schema

* update based on feedback

* updated based on feedback

* Fixed 2018 V-205820 to be SecurityOptionRule (#805)

* updated changelog and filehash for release

* updated split rule logic from 4.8.0

* removed old RHEL STIG, fixed hard coded rules

* updated xccdf to have new line

* fixed 2019DC processed stig based on test feedback

* updated regex in testhelper to detect "nx"

* removed ubuntu stig

* removed write-warning

* updated azure pipeline yml to publish CC s/f

* created nx rule type tests

* added nxFile dsc resource script to RHEL composite

* updated nxFile dsc resource script

* added nxFile to nxFileLine resource script

* added support for RHEL 7.x STIG 3.1

* updated changelog.md

* removed ubuntu support from RHEL branch

* Adding support for Ubuntu 18 V2R1

* daily commit

* daily commit

* daily commit (not working yet)

* nxFileLine commit

* nxPackage & nxService updates

* updated banner rule

* updated autologout.sh rules

* added default org settings

* fixed DoesNotContainPattern

* added SkipRuleSev param to RHEL/Ubuntu Composites

* HQRM keyword test failure correction

* updated banner rule

* updated org setting with correct syntax/value

* updated clientalivecountmax rule

* updated org setting to remove unwanted line

* added ubuntu 2.2 / removed ubuntu 2.1 STIG

* updated data file and added RHEL STIGs

* added rule to exclusion list and regen RHEL STIG

* updated changelog.md

* updated ubuntu nxfile line new line char.

* added new line to archive stig

* added skip resource script to linux composites

* added linux skip rule support

* updated ubuntu cipher rule

* added ubuntu org settings

* updated org settings based on feedback

* updated data based on test feedback

* updated STIG rules based on validation testing

* updated RHEL STIG automation

* update test to reflect DoesNotCont pattern change.

* updated RHEL STIG rule

* removed ubuntu pam.d rules due to sect. placement

* rm'd rules where text in file position is required

* updated org setting doesnotcontainpattern

* updated rhel stig data

* updated spacing

Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>
bcwilhite and erjenkin committed Feb 11, 2021
1 parent e538181 commit 43090d8
Showing 20 changed files with 12,200 additions and 817 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,7 @@
* Update PowerSTIG to remove old rule Ids in Hard Coded Framework: [#790](https://github.com/microsoft/PowerStig/issues/790)
* Update PowerSTIG to Parse/Apply MS Office 365 ProPlus Ver 2, Rel 1: [#811](https://github.com/microsoft/PowerStig/issues/811)
* Update PowerSTIG to parse and apply RHEL 7.x V3R1: [#608](https://github.com/microsoft/PowerStig/issues/608)
* Update PowerSTIG to parse and apply Ubuntu 18.04 LTS STIG - Ver 2, Rel 2: [#821](https://github.com/microsoft/PowerStig/issues/821)
* Update PowerSTIG to Add Checklist Accountability: [#808](https://github.com/microsoft/PowerStig/issues/808)
* Update PowerSTIG to move O365 Pro Plus log entries into Exclusion Rule list: [#815](https://github.com/microsoft/PowerStig/issues/815)
* Update PowerSTIG to parse and apply Mozilla Firefox V5R1 STIG: [#834](https://github.com/microsoft/PowerStig/issues/834)
4 changes: 2 additions & 2 deletions Tests/Unit/Module/nxFileLineRule.tests.ps1
Expand Up @@ -44,7 +44,7 @@ try
@{
FilePath = '/etc/pam.d/passwd'
ContainsLine = 'password substack system-auth'
DoesNotContainPattern = '^\s*password\s\s+substack\s\s+system-auth\s*$|^#\s*password\s*substack\s*system-auth.*'
DoesNotContainPattern = '^\s*password(?:\t*|\s*)substack\tsystem-auth\s*$|^#\s*password\s*substack\s*system-auth.*'
OrganizationValueRequired = $false
CheckContent = 'Verify that /etc/pam.d/passwd is configured to use /etc/pam.d/system-auth when changing passwords:
# grep /etc/pam.d/passwd
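Review bot: In the new DoesNotContainPattern for /etc/pam.d/passwd, the separator after `password` is `(?:\t*|\s*)`, which is redundant (`\s*` already covers `\t*`) and allows zero whitespace, while the separator before `system-auth` is exactly one literal `\t`. As written, the first alternative accepts `passwordsubstack` followed by a tab, yet does not match a line that uses spaces or several tabs between `substack` and `system-auth`. If the goal is to catch any whitespace variant of the line, use `\s+` for both separators; if a single tab is required in the second position, add a comment saying why. The same applies to the converter code that generates this expected value.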
Expand All @@ -56,7 +56,7 @@ try
ContainsLine = ''
DoesNotContainPattern = ''
OrganizationValueRequired = $true
OrganizationValueTestString = 'that the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "retry" is set to "0" or greater than "3", this is a finding" '
OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "retry" is set to "0" or greater than "3", this is a finding" '
CheckContent = 'Verify the operating system uses "pwquality" to enforce the password complexity rules.
Check for the use of "pwquality" with the following command:
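Review bot: The updated OrganizationValueTestString for the "retry" case still ends with a space before the closing single quote (`... this is a finding" '`), so this assertion depends on invisible trailing whitespace matching the generated string exactly. Consider trimming the string where it is built and in this expected value, or comparing trimmed strings in the test, so that a wording change like this one cannot fail on whitespace alone.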
2 changes: 1 addition & 1 deletion source/DSCResources/Resources/linux.nxFile.ps1
Expand Up @@ -8,6 +8,6 @@ foreach ($rule in $rules)
nxFile (Get-ResourceTitle -Rule $rule)
{
DestinationPath = $rule.FilePath
Contents = $rule.Contents
Contents = "$($rule.Contents)`n"
}
}
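Review bot: The new Contents assignment in the nxFile block appends a newline unconditionally, so a rule whose Contents already ends in a line break is written with two, and a rule with empty or null Contents produces a file that contains only a newline. Consider trimming trailing line breaks from `$rule.Contents` before appending the single newline, and skipping or failing the resource when Contents is empty. A one-line comment stating why the trailing newline is needed would also help, since this script is dot-sourced by the Linux composites.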
4 changes: 2 additions & 2 deletions source/DSCResources/Resources/linux.nxFileLine.ps1
Expand Up @@ -19,7 +19,7 @@ foreach ($rule in $rules)
nxFile (Get-ResourceTitle -Rule $rule)
{
DestinationPath = '/etc/audisp/audisp-remote.conf'
Contents = '# Generated via PowerSTIG'
Contents = "# Generated via PowerSTIG`n"
}

$audispRemoteConfCreated = $true
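Review bot: The header literal `"# Generated via PowerSTIG`n"` is set here for /etc/audisp/audisp-remote.conf and repeated verbatim in the au-remote.conf nxFile block, and both copies have to stay consistent with the trailing-newline convention introduced in linux.nxFile.ps1. Consider defining the header once in a variable before the foreach loop and referencing it from both nxFile blocks, with a comment explaining the newline.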
Expand All @@ -30,7 +30,7 @@ foreach ($rule in $rules)
nxFile (Get-ResourceTitle -Rule $rule)
{
DestinationPath = '/etc/audisp/plugins.d/au-remote.conf'
Contents = '# Generated via PowerSTIG'
Contents = "# Generated via PowerSTIG`n"
}

$auRemoteConfCreated = $true
47 changes: 47 additions & 0 deletions source/DSCResources/Ubuntu/Ubuntu.psd1
@@ -0,0 +1,47 @@
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.

@{
# Script module or binary module file associated with this manifest.
RootModule = 'Ubuntu.schema.psm1'

# Version number of this module.
ModuleVersion = '1.0.0.0'

# ID used to uniquely identify this module
GUID = '1f6c051c-68aa-4ec0-90f5-aeeb40f2ae74'

# Author of this module
Author = 'Microsoft Corporation'

# Company or vendor of this module
CompanyName = 'Microsoft Corporation'

# Copyright statement for this module
Copyright = '(c) 2020 Microsoft Corporation. All rights reserved.'

# Description of the functionality provided by this module
Description = 'Composite DSC Resource for managing Ubuntu DISA STIGs'

# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = @('Ubuntu')

# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = @()

# Variables to export from this module
VariablesToExport = ''

# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
AliasesToExport = @()

# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{

PSData = @{

} # End of PSData hashtable

} # End of PrivateData hashtable

}
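Review bot: `VariablesToExport = ''` is a string, while the other export keys in this manifest use arrays (`CmdletsToExport = @()`, `AliasesToExport = @()`); use `VariablesToExport = @()` so it is explicit that no variables are exported. The PSData hashtable is also left empty, so either populate it or add a comment that it is intentionally blank for a composite resource manifest.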
83 changes: 83 additions & 0 deletions source/DSCResources/Ubuntu/Ubuntu.schema.psm1
@@ -0,0 +1,83 @@
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.

using module ..\helper.psm1
using module ..\..\PowerStig.psm1

<#
.SYNOPSIS
A composite DSC resource to manage Ubuntu STIG settings
.PARAMETER OsVersion
The version of Ubuntu operating system STIG to apply and monitor
.PARAMETER StigVersion
Uses the OsVersion to select the version of the STIG to apply and monitor. If this parameter
is not provided, the most recent version of the STIG is automatically selected.
.PARAMETER Exception
A hashtable of StigId=Value key pairs that are injected into the STIG data and applied to
the target node. The title of STIG settings are tagged with the text 'Exception' to identify
the exceptions to policy across the data center when you centralize DSC log collection.
.PARAMETER OrgSettings
The path to the xml file that contains the local organizations preferred settings for STIG
items that have allowable ranges. The OrgSettings parameter also accepts a hashtable for
values that need to be modified. When a hashtable is used, the specified values take
presidence over the values defined in the org.default.xml file.
.PARAMETER SkipRule
The SkipRule Node is injected into the STIG data and applied to the taget node. The title
of STIG settings are tagged with the text 'Skip' to identify the skips to policy across the
data center when you centralize DSC log collection.
.PARAMETER SkipRuleType
All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule
function. Each rule follows the same process as the SkipRule parameter.
#>
configuration Ubuntu
{
[CmdletBinding()]
param
(
[Parameter(Mandatory = $true)]
[string]
$OsVersion,

[Parameter()]
[ValidateNotNullOrEmpty()]
[version]
$StigVersion,

[Parameter()]
[ValidateNotNullOrEmpty()]
[hashtable]
$Exception,

[Parameter()]
[ValidateNotNullOrEmpty()]
[object]
$OrgSettings,

[Parameter()]
[ValidateNotNullOrEmpty()]
[string[]]
$SkipRule,

[Parameter()]
[ValidateNotNullOrEmpty()]
[string[]]
$SkipRuleType,

[Parameter()]
[ValidateSet('CAT_I', 'CAT_II', 'CAT_III')]
[string[]]
$SkipRuleSeverity
)

##### BEGIN DO NOT MODIFY #####
$stig = [STIG]::New('Ubuntu', $OsVersion, $StigVersion)
$stig.LoadRules($OrgSettings, $Exception, $SkipRule, $SkipRuleType, $SkipRuleSeverity)
##### END DO NOT MODIFY #####

Import-DscResource -ModuleName nx -ModuleVersion 1.0
. "$resourcePath\linux.nxPackage.ps1"
. "$resourcePath\linux.nxFile.ps1"
. "$resourcePath\linux.nxFileLine.ps1"
. "$resourcePath\linux.nxService.ps1"
. "$resourcePath\linux.nxScript.skip.ps1"
}
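Review bot: The comment-based help has .PARAMETER entries for OsVersion through SkipRuleType but none for SkipRuleSeverity, which the param block declares with `[ValidateSet('CAT_I', 'CAT_II', 'CAT_III')]`; add an entry describing that all rules of the listed severities are skipped. While editing the help, correct "presidence" to "precedence" under OrgSettings and "taget" to "target" under SkipRule. `$resourcePath` is used in the dot-source lines at the end of the configuration but is not defined in this file, so a short comment noting where it is defined would help readers. OsVersion is an unconstrained string here; consider validating it against the supported versions so an unsupported value fails at parameter binding rather than inside `[STIG]::New`.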
35 changes: 20 additions & 15 deletions source/Module/Common/Convert/Data.ps1
Expand Up @@ -59,8 +59,10 @@ data exclusionRuleList
V-204398 = 'RHEL: At present, unable to automate rule'
V-204402 = 'RHEL: At present, unable to automate rule'
V-204404 = 'RHEL: At present, unable to automate rule'
V-204415 = 'RHEL: At present, unable to automate rule'
V-204417 = 'RHEL: At present, unable to automate rule'
V-204422 = 'RHEL: At present, unable to automate rule'
V-204424 = 'RHEL: At present, unable to automate rule'
V-204427 = 'RHEL: At present, unable to automate rule'
V-204428 = 'RHEL: At present, unable to automate rule'
V-204429 = 'RHEL: At present, unable to automate rule'
Expand All @@ -71,32 +73,35 @@ data exclusionRuleList
V-204488 = 'RHEL: At present, unable to automate rule'
V-204489 = 'RHEL: At present, unable to automate rule'
V-204496 = 'RHEL: At present, unable to automate rule'
V-204497 = 'RHEL: At present, unable to automate rule'
V-204576 = 'RHEL: At present, unable to automate rule'
V-204579 = 'RHEL: At present, unable to automate rule'
V-204581 = 'RHEL: At present, unable to automate rule'
V-204582 = 'RHEL: At present, unable to automate rule'
V-204603 = 'RHEL: At present, unable to automate rule'
V-204609 = 'RHEL: At present, unable to automate rule'
V-204612 = 'RHEL: At present, unable to automate rule'
V-204613 = 'RHEL: At present, unable to automate rule'
V-204614 = 'RHEL: At present, unable to automate rule'
V-204616 = 'RHEL: At present, unable to automate rule'
V-204617 = 'RHEL: At present, unable to automate rule'
V-204625 = 'RHEL: At present, unable to automate rule'
V-204605 = 'RHEL: At present, unable to automate rule'
V-204629 = 'RHEL: At present, unable to automate rule'
V-204630 = 'RHEL: At present, unable to automate rule'
V-204632 = 'RHEL: At present, unable to automate rule'
V-204633 = 'RHEL: Cannot automate with nxFileLineRule due to text position in conf file'
V-204615 = 'RHEL: At present, unable to automate rule'
V-204397 = 'RHEL: At present, unable to automate rule'
V-204437 = 'RHEL: Cannot automate with nxFileLineRule due to text position in conf file'
V-204584 = 'RHEL: At present, unable to automate rule'
V-204438 = 'RHEL: At present, unable to automate rule'
V-204440 = 'RHEL: At present, unable to automate rule'
V-204610 = 'RHEL: At present, unable to automate rule'
V-204611 = 'RHEL: At present, unable to automate rule'
V-204456 = 'RHEL: At present, unable to automate rule'
V-228564 = 'RHEL: At present, unable to automate rule'
V-219151 = 'Ubuntu: At present, unable to automate rule'
V-219155 = 'Ubuntu: At present, unable to automate rule'
V-219164 = 'Ubuntu: At present, unable to automate rule'
V-219165 = 'Ubuntu: At present, unable to automate rule'
V-219166 = 'Ubuntu: At present, unable to automate rule'
V-219180 = 'Ubuntu: At present, unable to automate rule'
V-219182 = 'Ubuntu: At present, unable to automate rule'
V-219188 = 'Ubuntu: At present, unable to automate rule'
V-219194 = 'Ubuntu: At present, unable to automate rule'
V-219195 = 'Ubuntu: At present, unable to automate rule'
V-219211 = 'Ubuntu: At present, unable to automate rule'
V-219315 = 'Ubuntu: At present, unable to automate rule'
V-219316 = 'Ubuntu: At present, unable to automate rule'
V-219320 = 'Ubuntu: At present, unable to automate rule'
V-219326 = 'Ubuntu: At present, unable to automate rule'
V-219331 = 'Ubuntu: At present, unable to automate rule'
V-219341 = 'Ubuntu: At present, unable to automate rule'
'@
}
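Review bot: Every V-219xxx Ubuntu entry in this hunk carries the generic reason 'Ubuntu: At present, unable to automate rule', whereas entries such as V-204633 in the same list record the actual cause ('Cannot automate with nxFileLineRule due to text position in conf file'). Where the cause is known, for example rules that depend on line position within a file, record it per rule so the exclusion list can be revisited once the limitation is removed. Excluded rules are not enforced by the composite, so a precise reason is what tells an operator which STIG items still need manual verification.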
8 changes: 4 additions & 4 deletions source/Module/Rule.nxFile/Convert/Data.ps1
Expand Up @@ -8,9 +8,9 @@
data regularExpression
{
ConvertFrom-StringData -StringData @'
nxFileContents = #\\s+(?:grep|more).*\\s+(?<filePath>\\/[\\w.\\/-]*\\/[\\w.\\/-]*).*\\n(?<setting>.*\\n|.*\\n.*\\n|.*\\n.*\\n.*\\n|.*\\n.*\\n.*\\n.*\\n|.*\\n.*\\n.*\\n.*\\n.*\\n)If.*this is a finding
nxFileContentsExclude = The result must contain the following line:|If\\s+.*commented\\s+(?:out|line).*|#\\s+cat\\s+/etc/redhat-release
nxFileDestinationPath = #\\s+(?:grep|more).*\\s+(?<filePath>\\/[\\w.\\/-]*\\/[\\w.\\/-]*)
nxFileFooterDetection = ^If\\s+.*$
nxFileContents = #\\s+(?:grep|more).*\\s+(?<filePath>\\/[\\w.\\/-]*\\/[\\w.\\/-]*).*\\n(?<setting>.*\\n|.*\\n.*\\n|.*\\n.*\\n.*\\n|.*\\n.*\\n.*\\n.*\\n|.*\\n.*\\n.*\\n.*\\n.*\\n)If.*this is a finding
nxFileContentsExclude = The result must contain the following line:|If\\s+.*commented\\s+(?:out|line).*|#\\s+cat\\s+/etc/redhat-release
nxFileDestinationPath = #\\s+(?:grep|more).*\\s+(?<filePath>\\/[\\w.\\/-]*\\/[\\w.\\/-]*)
nxFileFooterDetection = ^If\\s+.*$
'@
}
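Review bot: The four regularExpression entries appear twice with identical text, so this hunk looks like a whitespace-only realignment; if that is the case, note it in the change description so reviewers do not search for a pattern change. Since these lines are being touched, the `setting` group in nxFileContents spells out one to five lines as a five-way alternation (`.*\\n|.*\\n.*\\n|...`); `(?<setting>(?:.*\\n){1,5}?)` expresses the same limit and match order more readably and makes the cap easy to change. nxFileContentsExclude also still contains the RHEL-specific `#\\s+cat\\s+/etc/redhat-release`, which deserves a comment now that this data file also serves the Ubuntu STIG.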