STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

DISA Rule

SV-234860r622137_rule

Vulnerability Number

V-234860

Group Title

SRG-OS-000423-GPOS-00187

Rule Version

SLES-15-010530

Severity

CAT I

CCI(s)

• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.
• CCI-002420 - The information system maintains the confidentiality and/or integrity of information during preparation for transmission.
• CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.
• CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.

Weight

10

Fix Recommendation

Note: If the system is not networked, this requirement is Not Applicable.

Configure the SUSE operating system to implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Install the OpenSSH package on the SUSE operating system with the following command:

> sudo zypper in openssh

Enable the OpenSSH service to start automatically on reboot with the following command:

> sudo systemctl enable sshd.service

For the changes to take effect immediately, start the service with the following command:

> sudo systemctl restart sshd.service

Check Contents

Note: If the system is not networked, this requirement is Not Applicable.

Verify that the SUSE operating system implements SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Check that the OpenSSH package is installed on the SUSE operating system with the following command:

> zypper info openssh | grep -i installed

If the OpenSSH package is not installed, this is a finding.

Check that the OpenSSH service active on the SUSE operating system with the following command:

> systemctl status sshd.service | grep -i "active:"

Active: active (running) since Thu 2017-01-12 15:03:38 UTC; 1 months 4 days ago

If OpenSSH service is not active, this is a finding.

Vulnerability Number

V-234860

Documentable

False

Rule Version

SLES-15-010530

Severity Override Guidance

Note: If the system is not networked, this requirement is Not Applicable.

Verify that the SUSE operating system implements SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.

Check that the OpenSSH package is installed on the SUSE operating system with the following command:

> zypper info openssh | grep -i installed

If the OpenSSH package is not installed, this is a finding.

Check that the OpenSSH service active on the SUSE operating system with the following command:

> systemctl status sshd.service | grep -i "active:"

Active: active (running) since Thu 2017-01-12 15:03:38 UTC; 1 months 4 days ago

If OpenSSH service is not active, this is a finding.

Check Content Reference

M

Target Key

5274

Comments