Check: AIX7-00-002114
IBM AIX 7.x STIG:
AIX7-00-002114
(in versions v3 r1 through v1 r1)
Title
AIX must turn on SSH daemon privilege separation. (Cat II impact)
Discussion
SSH daemon privilege separation causes the SSH process to drop root privileges when not needed, which would decrease the impact of software vulnerabilities in the unprivileged section.
Check Content
Check the SSH daemon configuration for the "UsePrivilegeSeparation" setting using command: # grep -i UsePrivilegeSeparation /etc/ssh/sshd_config | grep -v '^#' UsePrivilegeSeparation yes If the setting is not present or the setting is "no", this is a finding.
Fix Text
Edit the "/etc/sshd/sshd_config" file and add the following line: UsePrivilegeSeparation yes Restart the SSH daemon: # stopsrc -s sshd # startsrc -s sshd
Additional Identifiers
Rule ID: SV-215297r991589_rule
Vulnerability ID: V-215297
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |