Check: AIX7-00-002116
IBM AIX 7.x STIG:
AIX7-00-002116
(in versions v3 r1 through v1 r1)
Title
AIX SSH daemon must perform strict mode checking of home directory configuration files. (Cat II impact)
Discussion
If other users have access to modify user-specific SSH configuration files, they may be able to log into the system as another user.
Check Content
Check the SSH daemon configuration for the "StrictModes" setting using command: # grep -i StrictModes /etc/ssh/sshd_config | grep -v '^#' StrictModes yes If the setting is missing or is set to "no", this is a finding.
Fix Text
Edit the "/etc/sshd/sshd_config" file and add or change the "StrictModes" setting to "yes". Restart the SSH daemon: # stopsrc -s sshd # startsrc -s sshd
Additional Identifiers
Rule ID: SV-215299r991589_rule
Vulnerability ID: V-215299
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |