Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22463 | GEN005512 | SV-35210r2_rule | DCNR-1 | Medium |
Description |
---|
DoD information systems are required to use FIPS 140-2 approved cryptographic hash functions. |
STIG | Date |
---|---|
HP-UX 11.23 Security Technical Implementation Guide | 2015-06-12 |
Check Text ( C-36638r2_chk ) |
---|
Check the SSH client configuration for allowed MACs. Note that keywords are case-insensitive and arguments (args) are case-sensitive. keyword=MACs arg(s)=hmac-sha2-512,hmac-sha2-256,hmac-sha1 Default values include: "hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-ripemd168" Note: When the default "arg" value exactly matches the required "arg" value (see above), the Examine the file. # cat /opt/ssh/etc/ssh_config | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v '^#' | egrep -i "macs" If the MACs list contains any MAC other than hmac-sha2-512, hmac-sha2-256, or hmac-sha1, this is a finding. |
Fix Text (F-32009r1_fix) |
---|
Edit the SSH client configuration and remove any MACs other than hmac-sha1. If necessary, add a MACs line. |