Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-91679 | AIX7-00-002112 | SV-101777r1_rule | | Medium |
Description |
---|
The SSH daemon must be configured for IP filtering to provide a layered defense against connection attempts from unauthorized addresses. |
STIG | Date |
---|---|
IBM AIX 7.x Security Technical Implementation Guide | 2020-02-24 |
Check Text (C-90833r3_chk) |
---|
Check the TCP wrappers configuration files to determine whether SSHD is configured to use TCP wrappers, using the following commands (each shown with example output): `# grep sshd /etc/hosts.deny` returns `sshd : ALL`; `# grep sshd /etc/hosts.allow` returns `sshd : 10.10.20.*`. If no entries are returned, TCP wrappers are not configured for SSHD; this is a finding. |
Fix Text (F-97877r1_fix) |
---|
Add appropriate IP restrictions for SSH to the "/etc/hosts.deny" and/or "/etc/hosts.allow" files. TCP Wrappers can be installed from the AIX Expansion Pack by installing the fileset "netsec.options.tcpwrappers" with the following command (assuming the AIX Expansion Pack is mounted on /dev/cd0): `# installp -aXYgd /dev/cd0 -e /tmp/install.log netsec.options.tcpwrappers` |
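
The check above uses a plain `grep sshd`, which also matches commented-out rules and misses a daemon list continued across lines. The following is an added example, not part of the STIG text: a POSIX shell audit that counts only active rules naming `sshd`. The function names `sshd_rules` and `check_sshd_wrappers` are hypothetical, and the script assumes a finding means neither file has an active entry.

```shell
#!/bin/sh
# Added example (not STIG text): stricter form of the "grep sshd" check.

# Print the active rules in a hosts_access(5) file whose daemon list names sshd.
sshd_rules() {
    [ -r "$1" ] || return 0
    # "read" without -r joins backslash-continued lines and trims leading
    # blanks, so indented comments and multi-line rules are handled.
    while read line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # blank line or comment
        case $line in *:*) ;; *) continue ;; esac    # not a rule
        # Daemon list is everything before the first ':'; pad it with
        # blanks so that whole tokens can be matched.
        daemons=" $(printf '%s' "${line%%:*}" | tr ',\t' '  ') "
        case $daemons in
            *" sshd "*|*" sshd@"*) printf '%s\n' "$line" ;;
        esac
    done < "$1"
    return 0
}

# Return 0 (no finding) when at least one file has an active sshd rule,
# 1 (finding) when neither does. Paths default to the ones the STIG names.
check_sshd_wrappers() {
    deny=${1:-/etc/hosts.deny}
    allow=${2:-/etc/hosts.allow}
    found=$(sshd_rules "$deny"; sshd_rules "$allow")
    if [ -z "$found" ]; then
        echo "FINDING: no active sshd entry in $deny or $allow"
        return 1
    fi
    printf '%s\n' "$found"
    return 0
}
```

Run `check_sshd_wrappers` with no arguments on the host to audit the live files; a rule that uses only the `ALL` daemon wildcard is not counted, matching the scope of the original grep.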