Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
GEN005530-ESXI5-000107 | GEN005530-ESXI5-000107 | GEN005530-ESXI5-000107_rule | | Low |
Description |
---|
SSH may be used to provide limited functions other than an interactive shell session, such as file transfer. If local, user-defined environment settings (such as those configured in ~/.ssh/authorized_keys and ~/.ssh/environment) are configured by the user and permitted by the SSH daemon, they could be used to alter the behavior of the limited functions, potentially granting unauthorized access to the system. |
STIG | Date |
---|---|
VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Check Text ( C-GEN005530-ESXI5-000107_chk ) |
---|
Disable lock down mode. Enable the ESXi Shell. Log in as root and execute the following command(s): `# grep PermitUserEnvironment /etc/ssh/sshd_config` If "PermitUserEnvironment" is set to "yes" or the keyword/line is missing, this is a finding. Re-enable lock down mode. |
Fix Text (F-GEN005530-ESXI5-000107_fix) |
---|
Disable lock down mode. Enable the ESXi Shell. Log in as root and execute the following command(s): `# vi /etc/ssh/sshd_config` Add/modify the "PermitUserEnvironment" keyword to "no", i.e., `PermitUserEnvironment= no`. Re-enable lock down mode. |
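
The grep in the Check Text also matches commented-out lines, so a line such as `#PermitUserEnvironment no` can look compliant at a glance. The following is an added example, not part of the STIG: a POSIX shell check that evaluates only active lines. The function names and output strings are hypothetical, the sample file is constructed, and the script assumes sshd applies the first occurrence of a keyword and treats only an exact `no` as compliant.

```shell
#!/bin/sh
# Added example: scripted form of the PermitUserEnvironment check.
# Function names and messages are illustrative, not defined by the STIG.

# Print the value of the first active (uncommented) PermitUserEnvironment
# line in the file given as $1; print nothing if no active line sets it.
effective_permit_user_env() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # drop leading whitespace
            if (line == "" || line ~ /^#/) next  # skip blanks and comments
            sub(/[ \t]*=[ \t]*/, " ", line)      # accept "Keyword=value" forms
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "permituserenvironment") {
                v = f[2]
                gsub(/"/, "", v)                 # strip optional quotes
                print v
                exit                             # first occurrence is the effective one
            }
        }' "$1"
}

# Return 0 if compliant, 1 if a finding, 2 if the file cannot be read.
check_permit_user_env() {
    file=${1:-/etc/ssh/sshd_config}
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }
    value=$(effective_permit_user_env "$file")
    case "$value" in
        no) echo "NOT A FINDING: PermitUserEnvironment no"; return 0 ;;
        "") echo "FINDING: PermitUserEnvironment is not set in $file"; return 1 ;;
        *)  echo "FINDING: PermitUserEnvironment is \"$value\""; return 1 ;;
    esac
}

# Constructed sample: a commented-out "no" followed by an active "yes".
# A plain grep shows both lines; only the second one is in effect.
sample=$(mktemp)
printf '#PermitUserEnvironment no\nPermitUserEnvironment yes\n' > "$sample"
check_permit_user_env "$sample" || true
rm -f "$sample"
```

On the host, run `check_permit_user_env /etc/ssh/sshd_config` from the ESXi Shell after sourcing the functions.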