STIGQter: STIG Summary: VMware ESXi Server 5.0 Security Technical Implementation Guide, Version 1, Release 10, Benchmark Date 27 Jan 2017: The SSH client must not permit tunnels.

DISA Rule

SV-51086r3_rule

Vulnerability Number

V-39270

Group Title

GEN005532

Rule Version

GEN005532-ESXI5-709

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Disable lock down mode. Enable the ESXi Shell. Execute the following command(s):
# vi /etc/ssh/ssh_config

Add/modify the attribute line entry to the following (quotes for emphasis only):
"Tunnel no"

Re-enable lock down mode.

Check Contents

Disable lock down mode. Enable the ESXi Shell. Execute the following command(s):
# grep Tunnel /etc/ssh/ssh_config

If the "Tunnel" attribute is not set to "no", this is a finding. If the /etc/ssh/ssh_config file does not exist or the Tunnel option is not set, this is not a finding.

Re-enable lock down mode.
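Evaluating the check above and applying the fix with a script, as an added example that is not part of the STIG or of STIGQter: the function names tunnel_finding and set_tunnel_no, and the sample config files written to a temporary directory, are constructed here; on an ESXi host the file the rule is about is /etc/ssh/ssh_config.

```shell
#!/bin/sh
# Added example (not from the STIG or STIGQter): evaluate and remediate
# GEN005532-ESXI5-709 against a given ssh client config file.
# Function names and the sample files below are constructed for illustration.

# Prints "finding" or "not_a_finding" for the ssh_config path in $1.
tunnel_finding() {
    cfg="$1"
    # Rule text: if the file does not exist, this is not a finding.
    if [ ! -f "$cfg" ]; then
        echo "not_a_finding"
        return 0
    fi
    # Take the first effective Tunnel directive (ssh_config uses first-match-wins).
    # Unlike a bare "grep Tunnel", this skips comment lines and does not match
    # TunnelDevice; keywords are case-insensitive and may be written
    # "Keyword value" or "Keyword=value".
    val=$(awk '
        /^[[:space:]]*#/ { next }
        {
            line = $0
            gsub(/=/, " ", line)
            sub(/^[[:space:]]+/, "", line)
            n = split(line, f, /[[:space:]]+/)
            if (n >= 2 && tolower(f[1]) == "tunnel") { print tolower(f[2]); exit }
        }' "$cfg")
    case "$val" in
        "")  echo "not_a_finding" ;;   # Tunnel option not set at all
        no)  echo "not_a_finding" ;;   # the required setting
        *)   echo "finding" ;;         # yes, point-to-point or ethernet
    esac
}

# Applies the fix: rewrite every uncommented Tunnel directive in $1 to "Tunnel no"
# (keeping its indentation, so entries inside Host blocks stay in place), or
# append "Tunnel no" when the file has none. A missing file is created.
set_tunnel_no() {
    cfg="$1"
    tmp="$cfg.tmp.$$"
    [ -f "$cfg" ] || : > "$cfg"
    awk '
        /^[[:space:]]*#/ { print; next }
        {
            line = $0; gsub(/=/, " ", line); sub(/^[[:space:]]+/, "", line)
            split(line, f, /[[:space:]]+/)
            if (tolower(f[1]) == "tunnel") {
                match($0, /^[[:space:]]*/)          # preserve leading whitespace
                print substr($0, 1, RLENGTH) "Tunnel no"
                seen = 1
                next
            }
            print
        }
        END { if (!seen) print "Tunnel no" }
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# Demo on constructed sample files (the real target is /etc/ssh/ssh_config).
demo() {
    d=$(mktemp -d)
    printf 'Tunnel no\n' > "$d/compliant"
    printf '# Tunnel yes\nTunnelDevice any:any\n' > "$d/comment_only"
    printf 'Host *\n    Tunnel point-to-point\n' > "$d/noncompliant"
    for f in compliant comment_only noncompliant missing; do
        printf '%s: %s\n' "$f" "$(tunnel_finding "$d/$f")"
    done
    set_tunnel_no "$d/noncompliant"
    printf 'noncompliant after fix: %s\n' "$(tunnel_finding "$d/noncompliant")"
    rm -rf "$d"
}
demo
```

The bare grep in the check text also matches commented-out lines and the TunnelDevice keyword, so a reviewer reading its output still has to decide which line is the effective directive; the script counts only uncommented Tunnel lines, which is what the rule is asking about.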

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

System Administrator

Target Key

2370

Comments