Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-215293 | AIX7-00-002110 | SV-215293r853475_rule | Medium |
Description |
---|
Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates). |
STIG | Date |
---|---|
IBM AIX 7.x Security Technical Implementation Guide | 2023-08-23 |
Check Text ( C-16491r294330_chk ) |
---|
If public keys are not used for SSH authentication, this is Not Applicable. Run the following command: # grep "^RevokedKeys" /etc/ssh/sshd_config RevokedKeys /etc/ssh/RevokedKeys.txt If the command does not find the "RevokedKeys" setting, or the value for "RevokedKeys" is set to "none", this is a finding. |
Fix Text (F-16489r294331_fix) |
---|
Obtain the file that contains all the public keys that need to be revoked from ISSO/SA and save the file in /etc/ssh/ directory. Edit the "/etc/ssh/sshd_config" file to allow "RevokedKeys" to point to the revoked key file obtained above. Restart the SSH daemon: # stopsrc -s sshd # startsrc -s sshd |