
The F5 BIG-IP must ensure SSH is disabled for root user logon to prevent remote access using the root account.


Overview

Finding ID: V-217424
Version: F5BI-DM-000284
Rule ID: SV-217424r557520_rule
IA Controls:
Severity: Medium
Description
The F5 BIG-IP shell must be locked down to limit the ability to modify the configuration through the shell. Preventing attackers from remotely accessing management functions using the root account mitigates the risk that unauthorized individuals or processes may gain superuser access to information or privileges. Additionally, the audit records for actions taken using the group account will not identify the specific person who took the actions.
STIG: F5 BIG-IP Device Management 11.x Security Technical Implementation Guide
Date: 2020-09-28

Details

Check Text (C-18649r290826_chk)
Verify the F5 BIG-IP shell is locked down to limit the ability to modify the configuration through the shell.
Log in to the Configuration utility as the administrative user.

Navigate to System > Platform.
Under Root Account, verify the Disable login and Disable bash check boxes are checked.

If the db variables systemauth.disablerootlogin and systemauth.disablebash are not both set to “true”, this is a finding.
Fix Text (F-18647r513229_fix)
To ensure that the F5 BIG-IP meets the requirements within the STIG, limit the ability to modify the configuration at the command line. SSH into the command line interface and type in the following commands.

(tmos)# modify sys db systemauth.disablerootlogin value true
(tmos)# modify sys db systemauth.disablebash value true
(tmos)# save sys config
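
The Check Text criterion can also be applied to captured tmsh output. The following is an added example, not part of the STIG or F5's own tooling: the function names are hypothetical, the sample stanzas are constructed, and the stanza layout of `list sys db <name>` output (`sys db <name> { value "<v>" }`) is assumed.

```shell
#!/bin/sh
# Constructed sample output of `list sys db <name>` for both variables
# (assumed stanza layout; not captured from a real device).
SAMPLE_COMPLIANT='sys db systemauth.disablebash {
    value "true"
}
sys db systemauth.disablerootlogin {
    value "true"
}'
SAMPLE_FINDING='sys db systemauth.disablebash {
    value "false"
}
sys db systemauth.disablerootlogin {
    value "true"
}'

# db_value NAME: read tmsh stanzas on stdin, print the value of db variable NAME.
# Prints nothing if the variable does not appear in the input.
db_value() {
    awk -v name="$1" '
        $1 == "sys" && $2 == "db"      { cur = $3 }
        $1 == "value" && cur == name   { gsub(/"/, "", $2); print $2; exit }
        $1 == "}"                      { cur = "" }
    '
}

# check_v217424 TEXT: return 0 only if both variables are "true" in TEXT.
# A missing variable counts as a finding, the same as a non-true value.
check_v217424() {
    rc=0
    for var in systemauth.disablerootlogin systemauth.disablebash; do
        val=$(printf '%s\n' "$1" | db_value "$var")
        if [ "$val" = "true" ]; then
            echo "PASS    $var = true"
        else
            echo "FINDING $var = ${val:-<not present>}"
            rc=1
        fi
    done
    return $rc
}

# On a device, TEXT would be the saved output of
#   list sys db systemauth.disablerootlogin
#   list sys db systemauth.disablebash
check_v217424 "$SAMPLE_COMPLIANT" && echo "V-217424: not a finding"
check_v217424 "$SAMPLE_FINDING"   || echo "V-217424: open finding"
```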