Check: AZLX-23-001180
Amazon Linux 2023 STIG:
AZLX-23-001180
(in version v1 r1)
Title
Amazon Linux 2023 must have SSH installed. (Cat I impact)
Discussion
Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. Satisfies: SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058, SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190
Check Content
Verify Amazon Linux 2023 has the openssh-server package installed with the following command: $ dnf list --installed openssh-server Installed Packages openssh-server.x86_64 8.7p1-8.amzn2023.0.13 @amazonlinux If the "openssh-server" package is not installed, this is a finding.
Fix Text
Configure Amazon Linux 2023 to have the openssh-server package installed with the following command: $ sudo dnf install -y openssh-server
Additional Identifiers
Rule ID: SV-274038r1120102_rule
Vulnerability ID: V-274038
Group Title: SRG-OS-000112-GPOS-00057
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001941 |
Implement replay-resistant authentication mechanisms for access to privileged accounts and/or non-privileged accounts. |
| CCI-002418 |
Protect the confidentiality and/or integrity of transmitted information. |
| CCI-002420 |
Maintain the confidentiality and/or integrity of information during preparation for transmission. |
| CCI-002421 |
Implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission. |
| CCI-002422 |
Maintain the confidentiality and/or integrity of information during reception. |