Check: RIIM-OS-255010
Riverbed NetIM OS STIG:
RIIM-OS-255010
(in version v1 r1)
Title
Ubuntu OS must restrict SSH access to allow only NetIM internal communication. (Cat II impact)
Discussion
Remote access is not authorized for connection to the Riverbed NetIM shell to minimize and deter system administrators from accessing the shell, bash commands, or root account remotely. Though the device is not critical to the infrastructure, compromise of this device at the OS level could lead to compromise of other devices on the network.
Check Content
Verify that a firewall rule exists restricting SSH to specific IP addresses only by using the following command:

$ sudo ufw status

If a firewall rule does not exist to restrict port 22 to specific IP addresses and deny all other addresses, this is a finding.
Fix Text
Deny all other SSH connections and allow SSH connections only from specific IP addresses by using the following commands. In a base configuration, allow the NetIM core, worker(s), and manager with UFW allow.

$ sudo ufw deny from any to any port 22
$ sudo ufw allow from <NETIM_IP_ADDRESS node list> to any port 22

where the NETIM_IP_ADDRESS node list is the list of NetIM IP addresses for all nodes.

Note: This restricts system administrators to the console mechanism available on the virtual platform in use.
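An added example, not part of this STIG, that applies the check above to captured `ufw status` output; the list of NetIM node addresses is an assumed input supplied by the reviewer, and the sample status text is constructed:

```shell
#!/bin/sh
# Evaluate RIIM-OS-255010 against captured `ufw status` output read on stdin.
# $1 is the space-separated list of NetIM node addresses permitted on port 22.
# Returns 0 when SSH is restricted to those nodes and denied to everyone else,
# 1 (a finding) otherwise.
check_ssh_restricted() {
    allowed_nodes="$1"
    status_text=$(cat)
    # An inactive firewall enforces no rule at all, so that alone is a finding.
    printf '%s\n' "$status_text" | grep -q '^Status: active' || return 1
    # Keep only the IPv4 rules whose "To" column is port 22 (22 or 22/tcp).
    rules=$(printf '%s\n' "$status_text" | grep -E '^22(/tcp)? +(ALLOW|DENY|REJECT)')
    [ -n "$rules" ] || return 1
    deny_all=0
    specific_allow=0
    while read -r _to action f3 f4 _rest; do
        # `ufw status verbose` inserts an IN/OUT column before the source.
        case "$f3" in IN|OUT) from="$f4" ;; *) from="$f3" ;; esac
        case "$action" in
            DENY|REJECT)
                [ "$from" = "Anywhere" ] && deny_all=1 ;;
            ALLOW)
                # An allow from Anywhere defeats the restriction outright.
                [ "$from" = "Anywhere" ] && return 1
                # Every specific source must be one of the NetIM nodes.
                case " $allowed_nodes " in
                    *" $from "*) specific_allow=1 ;;
                    *) return 1 ;;
                esac ;;
        esac
    done <<EOF
$rules
EOF
    [ "$deny_all" -eq 1 ] && [ "$specific_allow" -eq 1 ]
}

# Constructed sample output, not captured from a real NetIM host. ufw evaluates
# rules top-down with first match winning, so the node allows sit above the
# catch-all deny (`ufw insert` places a rule at a given position).
COMPLIANT_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       10.0.0.5
22                         ALLOW       10.0.0.6
22                         DENY        Anywhere
22 (v6)                    DENY        Anywhere (v6)'
```

Pipe the real output into the function on the host under review, for example `sudo ufw status | check_ssh_restricted "10.0.0.5 10.0.0.6"`, and treat a non-zero exit status as the finding.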
Additional Identifiers
Rule ID: SV-275617r1148290_rule
Vulnerability ID: V-275617
Group Title: SRG-OS-000481-GPOS-00481
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002418 | Protect the confidentiality and/or integrity of transmitted information. |
| CCI-002420 | Maintain the confidentiality and/or integrity of information during preparation for transmission. |
| CCI-002422 | Maintain the confidentiality and/or integrity of information during reception. |