Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
AIX must turn off X11 forwarding for the SSH daemon.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-215300 | AIX7-00-002117 | SV-215300r508663_rule | Medium |
| Description |
|---|
| X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection and should not be enabled unless needed. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2021-03-10 |
Details
| Check Text ( C-16498r294351_chk ) |
|---|
| If X11 forwarding has been authorized for use, this is Not Applicable. Check the SSH daemon configuration for the "X11Forwarding" directive using command: # grep -i X11Forwarding /etc/ssh/sshd_config | grep -v '^#' X11Forwarding no If the setting is not present or the setting is "yes", this is a finding. |
| Fix Text (F-16496r294352_fix) |
|---|
| Edit the "/etc/sshd/sshd_config" file to add the following line and save the change: X11Forwarding no Restart the SSH daemon: # stopsrc -s sshd # startsrc -s sshd |