UCF STIG Viewer Logo

The SSH daemon must be configured for IP filtering.


Overview

Finding ID Version Rule ID IA Controls Severity
V-12022 GEN005540 SV-35149r1_rule ECSC-1 ECWM-1 Medium
Description
The SSH daemon must be configured for IP filtering to provide a layered defense against connection attempts from unauthorized addresses.
STIG Date
HP-UX 11.23 Security Technical Implementation Guide 2015-12-02

Details

Check Text ( C-36667r1_chk )
Check the TCP wrappers configuration files to determine if sshd is configured to use TCP wrappers.
# cat /etc/hosts.deny | grep -i sshd
# cat /etc/hosts.allow| grep -i sshd

If no entries are returned, the TCP wrappers are not configured for sshd, this is a finding.
Fix Text (F-32040r1_fix)
Add appropriate IP restrictions for SSH to the /etc/hosts.deny and/or /etc/hosts.allow files.