Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22479 | GEN005530 | SV-46091r1_rule | ECSC-1 | Low |
Description |
---|
SSH may be used to provide limited functions other than an interactive shell session, such as file transfer. If local, user-defined environment settings (such as those configured in ~/.ssh/authorized_keys, ~/.ssh/environment, or equivalent) are configured by the user and permitted by the SSH daemon, they could be used to alter the behavior of the limited functions, potentially granting unauthorized access to the system. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2012-12-13 |
Check Text ( C-43348r1_chk ) |
---|
Check the PermitUserEnvironment setting in the SSH daemon configuration. Procedure: `# grep -i PermitUserEnvironment /etc/ssh/sshd_config | grep -v '^#'` If the setting is not present, or set to a value other than "no", this is a finding. |
Fix Text (F-39435r1_fix) |
---|
Edit the SSH daemon configuration and add or edit the PermitUserEnvironment setting with a value of "no". |
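
The check text above can be scripted so that the verdict does not depend on reading grep output by eye. This is an added example, not part of the STIG; the function name `check_permit_user_environment` and the sample files are constructed for illustration. It assumes sshd's documented behaviour of using the first value obtained for a keyword, and it also skips indented comment lines.

```shell
#!/bin/sh
# Added example (not STIG text): GEN005530 check as a function.
# Returns 0 when PermitUserEnvironment is explicitly "no",
# 1 when the check text would record a finding (absent or any other value).
check_permit_user_environment() {
    cfg=$1
    [ -r "$cfg" ] || return 1
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # drop leading whitespace
            if (line == "" || line ~ /^#/) next    # skip blanks and comments
            sub(/[ \t]*=[ \t]*/, " ", line)        # accept the Keyword=value form
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) != "permituserenvironment") next
            val = f[2]
            gsub(/"/, "", val)                     # arguments may be quoted
            found = 1
            exit                                   # first occurrence wins
        }
        END { exit ((found && val == "no") ? 0 : 1) }
    ' "$cfg"
}

# Constructed sample configurations, not taken from a real host.
tmp=$(mktemp -d)
printf '%s\n' '#PermitUserEnvironment no' 'Port 22' > "$tmp/absent"
printf '%s\n' '  # note' 'permituserenvironment no' 'PermitUserEnvironment yes' > "$tmp/compliant"
printf '%s\n' 'PermitUserEnvironment yes' 'PermitUserEnvironment no' > "$tmp/overridden"
for f in absent compliant overridden; do
    if check_permit_user_environment "$tmp/$f"; then
        echo "$f: not a finding"
    else
        echo "$f: finding"
    fi
done
rm -rf "$tmp"
```

The `overridden` sample is reported as a finding even though a later line says "no", because the earlier "yes" is the value the daemon uses.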