Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-97729 | F5BI-DM-000284 | SV-106833r1_rule | Medium |
Description |
---|
The F5 BIG-IP shell must be locked down to limit the ability to modify the configuration through the shell. Preventing attackers from remotely accessing management functions using root account mitigates the risk that unauthorized individuals or processes may gain superuser access to information or privileges. Additionally, the audit records for actions taken using the group account will not identify the specific person who took the actions. |
STIG | Date |
---|---|
F5 BIG-IP Device Management 11.x Security Technical Implementation Guide | 2019-12-20 |
Check Text ( C-96557r1_chk ) |
---|
Verify the F5 BIG-IP shell is locked down to limit the ability to modify the configuration through the shell. Log in to the Configuration utility as the administrative user. Navigate to System > Platform. Under Root Account, verify the Disable login and Disable bash check boxes are checked. If the value of systemauth.disablerootlogin and db systemauth.disablebash is not set to “true”, then this is a finding. |
Fix Text (F-103397r1_fix) |
---|
To ensure that the F5 BIG-IP meets the requirements within the STIG, limit the ability to modify the configuration at the command line. SSH into the command line interface and type in the following commands. (tmos)# modify sys db systemauth.disablerootlogin value true (tmos)# modify sys db systemauth.disablebash value true (tmos)# save sys config |