STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

DISA Rule

SV-217264r603262_rule

Vulnerability Number

V-217264

Group Title

SRG-OS-000423-GPOS-00187

Rule Version

SLES-12-030100

Severity

CAT I

CCI(s)

• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.
• CCI-002420 - The information system maintains the confidentiality and/or integrity of information during preparation for transmission.
• CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.
• CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.

Weight

10

Fix Recommendation

Note: If the system is not networked this requirement is Not Applicable.

Configure the SUSE operating system to implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Install the OpenSSH package on the SUSE operating system with the following command:

# sudo zypper in openssh

Enable the OpenSSH service to start automatically on reboot with the following command:

# sudo systemctl enable sshd.service

For the changes to take effect immediately, start the service with the following command:

# sudo systemctl restart sshd.service

Check Contents

Note: If the system is not networked this requirement is Not Applicable.

Verify that the SUSE operating system implements SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Check that the OpenSSH package is installed on the SUSE operating system with the following command:

# zypper se openssh

S | Name | Summary | Type
--+---------------- --+------------------------------------------------------+--------
i | openssh | Secure Shell Client and Server (Remote L-> | package

If the OpenSSH package is not installed, this is a finding.

Check that the OpenSSH service active on the SUSE operating system with the following command:

# systemctl status sshd.service | grep -i "active:"

Active: active (running) since Thu 2017-01-12 15:03:38 UTC; 1 months 4 days ago

If OpenSSH service is not active, this is a finding.

Vulnerability Number

V-217264

Documentable

False

Rule Version

SLES-12-030100

Severity Override Guidance

Note: If the system is not networked this requirement is Not Applicable.

Verify that the SUSE operating system implements SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Check that the OpenSSH package is installed on the SUSE operating system with the following command:

# zypper se openssh

S | Name | Summary | Type
--+---------------- --+------------------------------------------------------+--------
i | openssh | Secure Shell Client and Server (Remote L-> | package

If the OpenSSH package is not installed, this is a finding.

Check that the OpenSSH service active on the SUSE operating system with the following command:

# systemctl status sshd.service | grep -i "active:"

Active: active (running) since Thu 2017-01-12 15:03:38 UTC; 1 months 4 days ago

If OpenSSH service is not active, this is a finding.

Check Content Reference

M

Target Key

4033

Comments