Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39267 | GEN005530-ESXI5-000107 | SV-51083r2_rule | | Medium |
Description |
---|
SSH may be used to provide limited functions other than an interactive shell session, such as file transfer. If local, user-defined environment settings (such as those configured in ~/.ssh/authorized_keys and ~/.ssh/environment) are configured by the user and permitted by the SSH daemon, they could be used to alter the behavior of the limited functions, potentially granting unauthorized access to the system. |
STIG | Date |
---|---|
VMware ESXi Server 5.0 Security Technical Implementation Guide | 2016-02-10 |
Check Text ( C-46531r2_chk ) |
---|
Disable lock down mode. Enable the ESXi Shell. Execute the following command(s): `# grep PermitUserEnvironment /etc/ssh/sshd_config` If the command returns nothing, or the returned "PermitUserEnvironment" attribute is not set to "no", this is a finding. Re-enable lock down mode. |
Fix Text (F-44246r2_fix) |
---|
Disable lock down mode. Enable the ESXi Shell. Execute the following command(s): `# vi /etc/ssh/sshd_config` Add/modify the attribute line entry to the following (quotes for emphasis only): "PermitUserEnvironment no" Re-enable lock down mode. |
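
The `grep` in the check text also returns commented-out lines and every occurrence of the keyword, so a line such as `#PermitUserEnvironment no` can be misread as compliant. The following is an added example, not part of the STIG text: it applies the same pass/fail criterion in POSIX sh, assuming OpenSSH's documented rule that the first value obtained for a keyword is the one used. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the STIG). Returns 0 = not a finding, 1 = finding.
check_permit_user_environment() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "finding: cannot read $cfg"
        return 1
    fi
    # Keep only active lines: the keyword must be the first token on the line,
    # so "#PermitUserEnvironment no" is ignored. Keyword match is case-insensitive.
    # head -n 1 keeps the first active occurrence (assumption: first value wins).
    first=$(grep -i -E '^[[:space:]]*PermitUserEnvironment([[:space:]=]|$)' "$cfg" | head -n 1)
    if [ -z "$first" ]; then
        echo "finding: PermitUserEnvironment is not set in $cfg"
        return 1
    fi
    # Drop the keyword and the separator (whitespace, optionally one '='),
    # then trailing whitespace, leaving only the configured value.
    value=$(printf '%s\n' "$first" |
        sed -E 's/^[[:space:]]*[^[:space:]=]+[[:space:]]*=?[[:space:]]*//; s/[[:space:]]+$//')
    if [ "$value" = "no" ]; then
        echo "not a finding: PermitUserEnvironment no"
        return 0
    fi
    echo "finding: PermitUserEnvironment is set to '$value'"
    return 1
}

# Constructed sample: a plain grep shows a line containing "no",
# but the only active setting is "yes".
sample=$(mktemp)
printf '%s\n' '#PermitUserEnvironment no' 'PermitUserEnvironment yes' > "$sample"
check_permit_user_environment "$sample" || true
rm -f "$sample"
```

On a host, call `check_permit_user_environment /etc/ssh/sshd_config` from the ESXi Shell after the steps in the check text.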