STIGQter: STIG Summary: Red Hat Enterprise Linux 6 Security Technical Implementation Guide Version: 1 Release: 24 Benchmark Date: 25 Oct 2019

The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.

DISA Rule

SV-106369r1_rule

Vulnerability Number

V-97231

Group Title

SRG-OS-000169

Rule Version

RHEL-06-000244

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure sshd to use only FIPS-approved Message Authentication Codes.

Check Contents

Verify sshd is configured to use FIPS 140-2 approved Message Authentication Codes (MACs):

# grep -i "mac" /etc/ssh/sshd_config | grep -v '^#'
MACs hmac-sha2-512,hmac-sha2-256

If the output contains MACs that are not FIPS-approved, or does not return a value, this is a finding.
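
The check above, tightened into a script (an added example, not part of the STIG text): it evaluates only the first effective MACs directive, which is the one sshd applies, and skips indented comment lines that the grep pipeline lets through. The allowed list is an assumption taken from the sample output shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stricter form of the RHEL-06-000244 check.
# APPROVED_MACS is an assumption taken from the sample output in the check text.
APPROVED_MACS="hmac-sha2-512 hmac-sha2-256"

# Print the value of the first effective MACs directive in file $1.
# sshd keywords are case-insensitive and the first occurrence is the one used.
sshd_macs_value() {
    awk '
        /^[ \t]*#/ { next }          # skip comments, including indented ones
        { sub(/=/, " ") }            # accept the "keyword=value" form
        tolower($1) == "macs" {      # exact keyword, not any line containing "mac"
            $1 = ""; gsub(/[ \t]/, ""); print; exit
        }
    ' "$1"
}

# Return 0 when every configured MAC is on the approved list, 1 on a finding.
# The body runs in a subshell so the IFS and noglob changes stay local.
check_sshd_macs() (
    value=$(sshd_macs_value "$1")
    [ -n "$value" ] || { echo "FINDING: no MACs directive set in $1"; exit 1; }
    status=0
    set -f; IFS=,
    for mac in $value; do
        case " $APPROVED_MACS " in
            *" $mac "*) ;;
            *) echo "FINDING: non-approved MAC '$mac' in $1"; status=1 ;;
        esac
    done
    [ "$status" -eq 0 ] && echo "OK: $value"
    exit "$status"
)

# Constructed sample config: an indented comment, a weak effective line,
# then a compliant line that sshd would ignore because it comes second.
demo=$(mktemp)
printf '%s\n' '  #MACs hmac-sha2-256' 'macs hmac-sha2-512,hmac-md5' \
    'MACs hmac-sha2-512,hmac-sha2-256' > "$demo"
check_sshd_macs "$demo" || true
rm -f "$demo"
```

On a live system, pass /etc/ssh/sshd_config as the argument; a non-zero exit status corresponds to a finding.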

Documentable

False

Severity Override Guidance

Verify sshd is configured to use FIPS 140-2 approved Message Authentication Codes (MACs):

# grep -i "mac" /etc/ssh/sshd_config | grep -v '^#'
MACs hmac-sha2-512,hmac-sha2-256

If the output contains MACs that are not FIPS-approved, or does not return a value, this is a finding.

Check Content Reference

M

Target Key

2367

Comments