STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 28 Sep 2018

The SLES for vRealize must enforce SSHv2 for network access to non-privileged accounts.

DISA Rule

SV-100347r1_rule

Vulnerability Number

V-89697

Group Title

SRG-OS-000113-GPOS-00058

Rule Version

VRAU-SL-000715

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SLES for vRealize to enforce SSHv2 for network access to non-privileged accounts by running the following commands:

# sed -i 's/^.*\bProtocol\b.*$/Protocol 2/' /etc/ssh/sshd_config

Restart the ssh service:

# service sshd restart

Check Contents

Verify that the SLES for vRealize enforces SSHv2 for network access to privileged accounts by running the following command:

Replace [ADDRESS] in the following command with the correct IP address based on the current system configuration.

# ssh -1 [ADDRESS]

An example of the command usage is as follows:

# ssh -1 localhost

The output must be one of the following items:

Protocol major versions differ: 1 vs. 2

OR:

Protocol 1 not allowed in the FIPS mode.

If the output is not one of the above, this is a finding.

OR

Verify that SSH is configured to enforce SSHv2 for network access to privileged accounts by running the following command:

# grep Protocol /etc/ssh/sshd_config

If the result is not "Protocol 2", this is a finding.
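
The grep check above also matches commented-out lines and is case-sensitive, while sshd treats keywords case-insensitively and uses the first value it obtains for a keyword. The following script is an added example, not part of the STIG text: it reports the effective Protocol setting of a given sshd_config file. The function name check_sshd_protocol and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective Protocol setting in an sshd_config file.
# Returns 0 when the setting is exactly "Protocol 2", 1 on a finding.
check_sshd_protocol() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "FINDING: cannot read $cfg"
        return 1
    fi
    # First active (non-comment) Protocol line wins; keyword is case-insensitive.
    value=$(awk '
        /^[ \t]*#/ { next }
        tolower($1) == "protocol" { print $2; exit }
    ' "$cfg")
    case $value in
        2)  echo "OK: Protocol 2"; return 0 ;;
        "") echo "FINDING: no active Protocol directive"; return 1 ;;
        *)  echo "FINDING: Protocol $value"; return 1 ;;
    esac
}

# Constructed sample configurations (not taken from a real system).
demo_dir=$(mktemp -d)
printf '#Protocol 2\nPort 22\n'     > "$demo_dir/commented"   # directive only in a comment
printf 'Port 22\nprotocol 2,1\n'    > "$demo_dir/fallback"    # lowercase keyword, v1 still listed
printf '# Protocol 1\nProtocol 2\n' > "$demo_dir/compliant"   # active line is Protocol 2
for f in commented fallback compliant; do
    printf '%s: ' "$f"
    check_sshd_protocol "$demo_dir/$f" || true
done
```

On a real system, pass /etc/ssh/sshd_config as the argument and treat a non-zero exit status as a finding.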

Documentable

False

Check Content Reference

M

Target Key

3459
