
The SSH daemon must be configured with the Department of Defense (DoD) login banner.


Overview

Finding ID: V-22489
Version: GEN005550
Rule ID: SV-26802r1_rule
IA Controls: ECWM-1
Severity: Medium
Description
Failure to display the DoD logon banner prior to a logon attempt will negate legal proceedings resulting from unauthorized access to system resources. The SSH service must be configured to display the DoD logon warning banner either through the SSH configuration or a wrapper program such as TCP_WRAPPERS. The SSH daemon may also be used to provide SFTP service. The warning banner configuration for SSH will apply to SFTP.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text (C-27791r1_chk)
Verify the SSH daemon is configured for logon warning banners.
# grep -i banner /etc/ssh/sshd_config | grep -v '^#'
# cat [banner file]
Verify the Banner configuration line is present and the file it references contains a login warning banner.

Otherwise, verify TCP_WRAPPERS is configured for SSH and displays a logon warning banner.

If neither the SSH daemon nor TCP_WRAPPERS is configured to display a logon warning banner, this is a finding.
Fix Text (F-24046r1_fix)
Edit the SSH daemon configuration and add or edit a Banner setting that references a file containing a logon warning banner.
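
The sshd_config half of the check above can be scripted; the following is an added example, not part of the STIG. The function names banner_path and check_ssh_banner are hypothetical, Match blocks and banner paths containing spaces are not handled, and the TCP_WRAPPERS alternative is not examined, so a FAIL here is a finding only if TCP_WRAPPERS does not display the banner either.

```shell
#!/bin/sh
# Added example: audit the sshd Banner directive described in the check text.
# banner_path and check_ssh_banner are hypothetical helper names.

# Print the argument of the first active Banner directive in a config file.
# sshd keywords are case-insensitive and the first value obtained is used.
# Unlike grep -v '^#', this also skips comment lines that are indented.
banner_path() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "banner" { gsub(/"/, "", $2); print $2; exit }
    ' "$1"
}

# Return 0 when sshd is configured to show a banner file with content,
# 1 otherwise. The banner wording itself still has to be read by a person.
check_ssh_banner() {
    config=$1
    [ -r "$config" ] || { echo "FAIL: cannot read $config"; return 1; }
    path=$(banner_path "$config")
    case "$path" in
        "")
            echo "FAIL: no active Banner directive in $config"
            return 1 ;;
        [Nn][Oo][Nn][Ee])
            echo "FAIL: Banner is set to none (banner disabled)"
            return 1 ;;
    esac
    if [ ! -s "$path" ]; then
        echo "FAIL: banner file $path is missing or empty"
        return 1
    fi
    echo "OK: Banner $path"
    return 0
}

# Usage: check_ssh_banner /etc/ssh/sshd_config
```

After a passing result, compare the contents of the reported file against the required DoD logon banner text by hand, as the second command in the check text does.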