STIGQter STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018: The SLES for vRealize must enforce SSHv2 for network access to privileged accounts.

DISA Rule

SV-99227r1_rule

Vulnerability Number

V-88577

Group Title

SRG-OS-000112-GPOS-00057

Rule Version

VROM-SL-000690

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure SLES for vRealize to enforce SSHv2 for network access to privileged accounts by running the following commands:

# sed -i 's/^.*\bProtocol\b.*$/Protocol 2/' /etc/ssh/sshd_config

Restart the ssh service.

# service sshd restart

Check Contents

Verify that SLES for vRealize enforces SSHv2 for network access to privileged accounts by running the following command:

Replace [ADDRESS] in the following command with the correct IP address based on the current system configuration.

# ssh -1 [ADDRESS]

An example of the command usage is as follows:
# ssh -1 localhost

The output must be the following:

Protocol major versions differ: 1 vs. 2

If it is not, this is a finding.

OR

Verify that the ssh is configured to enforce SSHv2 for network access to privileged accounts by running the following command:

# grep Protocol /etc/ssh/sshd_config

If the result is not "Protocol 2", this is a finding.

Vulnerability Number

V-88577

Documentable

False

Rule Version

VROM-SL-000690

Severity Override Guidance

Verify that SLES for vRealize enforces SSHv2 for network access to privileged accounts by running the following command:

Replace [ADDRESS] in the following command with the correct IP address based on the current system configuration.

# ssh -1 [ADDRESS]

An example of the command usage is as follows:
# ssh -1 localhost

The output must be the following:

Protocol major versions differ: 1 vs. 2

If it is not, this is a finding.

OR

Verify that the ssh is configured to enforce SSHv2 for network access to privileged accounts by running the following command:

# grep Protocol /etc/ssh/sshd_config

If the result is not "Protocol 2", this is a finding.

Check Content Reference

M

Target Key

3461

Comments