STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.

DISA Rule

SV-215284r508663_rule

Vulnerability Number

V-215284

Group Title

SRG-OS-000423-GPOS-00187

Rule Version

AIX7-00-002097

Severity

CAT II

CCI(s)

• CCI-002890 - The information system implements cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
• CCI-003123 - The information system implements cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.
• CCI-002420 - The information system maintains the confidentiality and/or integrity of information during preparation for transmission.
• CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.
• CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.

Weight

10

Fix Recommendation

If the SSH server package is not installed, install "openssh.base.server" package and config the SSH daemon.

If the ssh demon is not "active", run the following command to start it:
# startsrc -s sshd

Check Contents

Run the following command to check if SSH server package is installed:

# lslpp -l | grep -i ssh
openssh.base.client 6.0.0.6201 COMMITTED Open Secure Shell Commands
openssh.base.server 6.0.0.6201 COMMITTED Open Secure Shell Server
openssh.man.en_US 6.0.0.6201 COMMITTED Open Secure Shell

If package "openssh.base.server" is not installed, this is a finding.

Run the following command to check if the SSH daemon is running:

# lssrc -s sshd | grep active
sshd ssh 3670408 active

If "sshd" is "inoperative", this is a finding.

Vulnerability Number

V-215284

Documentable

False

Rule Version

AIX7-00-002097

Severity Override Guidance

Run the following command to check if SSH server package is installed:

# lslpp -l | grep -i ssh
openssh.base.client 6.0.0.6201 COMMITTED Open Secure Shell Commands
openssh.base.server 6.0.0.6201 COMMITTED Open Secure Shell Server
openssh.man.en_US 6.0.0.6201 COMMITTED Open Secure Shell

If package "openssh.base.server" is not installed, this is a finding.

Run the following command to check if the SSH daemon is running:

# lssrc -s sshd | grep active
sshd ssh 3670408 active

If "sshd" is "inoperative", this is a finding.

Check Content Reference

M

Target Key

4012

Comments