Check: GEN005540
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN005540
(in versions v1 r14 through v1 r10)
Title
The SSH daemon must be configured for IP filtering. (Cat II impact)
Discussion
The SSH daemon must be configured for IP filtering to provide a layered defense against connection attempts from unauthorized addresses.
Check Content
Check the TCP wrappers configuration files to determine if SSHD is configured to use TCP wrappers.
Procedure:
# grep sshd /etc/hosts.deny
# grep sshd /etc/hosts.allow
If no entries are returned, the TCP wrappers are not configured for SSHD and this is a finding.
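The grep commands above also match commented-out lines such as "# sshd: ALL", which do not filter anything. The shell sketch below is an added example, not part of the STIG text, that counts only active sshd rules; the function names sshd_rules and check_gen005540 and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example for GEN005540; function names are hypothetical.

# Print active rules whose daemon list names sshd. Comment and blank lines
# are skipped; backslash-continued lines are joined before matching.
sshd_rules() {
    [ -r "$1" ] || return 0
    awk '
        { line = buf $0; buf = "" }
        line ~ /\\$/ { sub(/\\$/, "", line); buf = line; next }
        line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ { next }
        {
            n = index(line, ":")
            if (n == 0) next
            daemons = substr(line, 1, n - 1)
            gsub(/[ \t,]+/, " ", daemons)
            m = split(daemons, d, " ")
            for (i = 1; i <= m; i++) {
                sub(/@.*/, "", d[i])     # daemon@host form
                if (d[i] == "sshd") { print FILENAME ": " line; break }
            }
        }
    ' "$1"
}

# Return 0 when either file holds an active sshd rule, 1 (finding) otherwise.
# Wildcard rules such as "ALL: ALL" are not counted: the check greps for sshd.
check_gen005540() {
    allow=${1:-/etc/hosts.allow}
    deny=${2:-/etc/hosts.deny}
    rules=$(sshd_rules "$allow"; sshd_rules "$deny")
    if [ -n "$rules" ]; then
        printf '%s\n' "$rules"
        return 0
    fi
    echo "FINDING: no active sshd entry in $allow or $deny"
    return 1
}

# Constructed sample files: a commented-out deny rule, a continued allow rule.
demo() {
    t="${TMPDIR:-/tmp}/gen005540.$$"
    mkdir -p "$t" || return 1
    printf '# sshd: ALL\n' > "$t/deny"
    printf 'sshd, ftpd : 192.0.2. \\\n  198.51.100.7\n' > "$t/allow"
    check_gen005540 "$t/allow" "$t/deny"; rc=$?
    rm -rf "$t"
    return $rc
}
demo
```

On the host itself, run check_gen005540 with no arguments to read /etc/hosts.allow and /etc/hosts.deny.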
Fix Text
Add appropriate IP restrictions for SSH to the /etc/hosts.deny and/or /etc/hosts.allow files. TCP Wrappers can be installed using SMIT from the AIX expansion pack as fileset netsec.options.tcpwrappers.
Additional Identifiers
Rule ID: SV-38955r1_rule
Vulnerability ID: V-12022
Group Title: GEN005540
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |