Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
AIX must turn on SSH daemon reverse name checking.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-91727 | AIX7-00-002115 | SV-101825r1_rule | Medium |
| Description |
|---|
| If reverse name checking is off, SSH may allow a remote attacker to circumvent security policies and attempt to or actually login from IP addresses that are not permitted to access resources. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2019-04-29 |
Details
| Check Text ( C-90881r3_chk ) |
|---|
| Check the SSH daemon configuration for the "VerifyReverseMapping" setting using command: # grep -i VerifyReverseMapping /etc/ssh/sshd_config | grep -v '^#' VerifyReverseMapping yes If the setting is not present or the setting is "no", this is a finding. |
| Fix Text (F-97925r1_fix) |
|---|
| Edit the "/etc/sshd/sshd_config" file and add the following line: VerifyReverseMapping yes Restart the SSH daemon: # stopsrc -s sshd # startsrc -s sshd |