UCF STIG Viewer Logo

The SSH daemon must be configured for IP filtering.


Overview

Finding ID Version Rule ID IA Controls Severity
V-12022 GEN005540 SV-12523r2_rule ECWM-1 ECSC-1 Medium
Description
The SSH daemon must be configured for IP filtering to provide a layered defense against connection attempts from unauthorized addresses.
STIG Date
SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-7987r2_chk )
Check the TCP wrappers configuration files to determine if SSHD is configured to use TCP wrappers.

Procedure:
# grep sshd /etc/hosts.deny
# grep sshd /etc/hosts.allow

If no entries are returned, the TCP wrappers are not configured for SSHD and this is a finding.
Fix Text (F-11281r2_fix)
Add appropriate IP restrictions for SSH to the /etc/hosts.deny and/or /etc/hosts.allow files.