An error occurred:

Check: AIX7-00-002124

IBM AIX 7.x STIG: AIX7-00-002124 (in versions v2 r9 through v1 r1)

Title

If AIX SSH daemon is required, the SSH daemon must only listen on the approved listening IP addresses. (Cat II impact)

Discussion

The SSH daemon should only listen on the approved listening IP addresses. Otherwise the SSH service could be subject to unauthorized access.

Check Content

From the command prompt, run the following command to check if "ListenAddress" is defined in SSH config file: # grep -i ListenAddress /etc/ssh/sshd_config | grep -v '^#' ListenAddress 10.17.76.74 If no configuration is returned, or if a returned listen configuration contains addresses not permitted, this is a finding.

Fix Text

Edit the SSH daemon config file and add/modify the "ListenAddress" network addresses: # vi /etc/ssh/sshd_config Restart SSH daemon: # stopsrc -s sshd # startsrc -s sshd

Additional Identifiers

Rule ID: SV-215306r508663_rule

Vulnerability ID: V-215306

Group Title: SRG-OS-000480-GPOS-00232

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings