Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-230501 | RHEL-08-040060 | SV-230501r599732_rule | High |
Description |
---|
A replay attack may enable an unauthorized user to gain access to RHEL 8. Authentication sessions between the authenticator and RHEL 8 validating the user credentials must not be vulnerable to a replay attack. An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. A privileged account is any information system account with authorizations of a privileged user. Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators. RHEL 8 incorporates OpenSSH as a default ssh provider. OpenSSH has been a 100 percent SSHv2 implementation since version 7.6 in late 2017 and dropped support of SSH protocol version 1. Satisfies: SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058 |
STIG | Date |
---|---|
Red Hat Enterprise Linux 8 Security Technical Implementation Guide | 2020-11-25 |
Check Text ( C-33170r568249_chk ) |
---|
Verify that RHEL 8 enforces SSH protocol 2 for network access. Check the SSH version that RHEL 8 is using with the following command: $ sudo yum list installed openssh openssh.x86_64 8.0p1-3.el8 If the version of OpenSSH is newer than 7.6 the system is utilizing SSHv2 and is compliant. If the version of OpenSSH is older than 7.6 or is a different SSH package, check the protocol versions that SSH allows with the following command: $ sudo grep -i protocol /etc/ssh/sshd_config Protocol 2 If the returned line allows for use of protocol "1", is commented out, or the line is missing, this is a finding. |
Fix Text (F-33145r568250_fix) |
---|
Configure RHEL 8 to enforce SSHv2 for network access to all accounts via OpenSSH or by updating the SSH configuration to enforce SSHv2. Install OpenSSH with the following command: $ sudo yum -y install openssh.x86_64 or Add or update the following line in the "/etc/ssh/sshd_config" file: Protocol 2 Restart the ssh service. $ sudo systemctl restart sshd.service |