STIGQter STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions.

DISA Rule

SV-100457r1_rule

Vulnerability Number

V-89807

Group Title

SRG-OS-000394-GPOS-00174

Rule Version

VRAU-SL-001255

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the SSH daemon configuration and remove any MACs other than "hmac-sha1". If necessary, add a "MACs" line.

# sed -i "/^[^#]*MACs/ c\MACs hmac-sha1" /etc/ssh/sshd_config

Check Contents

Check the SSH daemon configuration for allowed MACs:

# grep -i macs /etc/ssh/sshd_config | grep -v '^#'

If no lines are returned, or the returned MACs list contains any MAC other than "hmac-sha1", this is a finding.

Vulnerability Number

V-89807

Documentable

False

Rule Version

VRAU-SL-001255

Severity Override Guidance

Check the SSH daemon configuration for allowed MACs:

# grep -i macs /etc/ssh/sshd_config | grep -v '^#'

If no lines are returned, or the returned MACs list contains any MAC other than "hmac-sha1", this is a finding.

Check Content Reference

M

Target Key

3459

Comments