Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22448 | GEN005306 | SV-38890r1_rule | DCNR-1 | Medium |
Description |
---|
The SNMP service must use SHA-1 or a FIPS 140-2 approved successor for authentication and integrity. |
STIG | Date |
---|---|
AIX 5.3 Security Technical Implementation Guide | 2012-05-25 |
Check Text ( C-37888r2_chk ) |
---|
Check all SNMPv3 users for configured authentication protocols. # grep USM_USER /etc/snmpdv3.conf The 4th field contains the hash used in the authentication protocol. If an entry exists that does not use HMAC-SHA for the authentication protocol, this is a finding. |
Fix Text (F-33137r2_fix) |
---|
Edit the /etc/snmpdv3.conf file. Change any instances of the HMAC-MD5 authentication protocol in USM_USER entries to HMAC-SHA. For all changed USM_USER entries, regenerate authentication keys using the "pwtokey" command and replace the keys in the /etc/snmpdv3.conf file. |