Check: RHEL-06-000241
Red Hat Enterprise Linux 6 STIG:
RHEL-06-000241
(in versions v2 r2 through v1 r14)
Title
The SSH daemon must not permit user environment settings. (Cat III impact)
Discussion
SSH environment options potentially allow users to bypass access restrictions in some configurations.
Check Content
To ensure users are not able to present environment options to the SSH daemon, run the following command:

    # grep PermitUserEnvironment /etc/ssh/sshd_config

If properly configured, output should be:

    PermitUserEnvironment no

If it is not, this is a finding.
Fix Text
To ensure users are not able to present environment options to the SSH daemon, add or correct the following line in "/etc/ssh/sshd_config":

    PermitUserEnvironment no
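The grep in the check also prints commented-out lines, and sshd uses the first value it obtains for a keyword, so the output has to be read with both in mind. The following audit helper is an added example, not part of the STIG text; the function names `effective_permit_user_env` and `check_permit_user_env` and the sample file are constructed for illustration. It follows the check's wording in treating a missing active line as a finding.

```shell
#!/bin/sh
# Print the value of the first active PermitUserEnvironment line in file $1.
effective_permit_user_env() {
    awk '
        { sub(/^[ \t]+/, "") }               # drop leading whitespace
        /^#/ || /^$/ { next }                # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)  # accept the "keyword=value" form
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "permituserenvironment") {  # keywords are case-insensitive
                gsub(/"/, "", f[2])          # strip optional quoting
                print f[2]
                exit                         # first obtained value is the one sshd uses
            }
        }
    ' "$1"
}

# Return 0 when the file satisfies the check, 1 when it is a finding.
check_permit_user_env() {
    value=$(effective_permit_user_env "$1")
    case "$value" in
        no) echo "PASS: PermitUserEnvironment no"; return 0 ;;
        "") echo "FINDING: no active PermitUserEnvironment line"; return 1 ;;
        *)  echo "FINDING: PermitUserEnvironment $value"; return 1 ;;
    esac
}

# Constructed sample: the commented "no" shows up in grep output but is inactive.
sample=$(mktemp)
printf '%s\n' '#PermitUserEnvironment no' 'Port 22' 'PermitUserEnvironment yes' > "$sample"
check_permit_user_env "$sample" || true
rm -f "$sample"
```

On a real host, call `check_permit_user_env /etc/ssh/sshd_config`; the daemon must be restarted or reloaded before a corrected value takes effect.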
Additional Identifiers
Rule ID: SV-218003r603264_rule
Vulnerability ID: V-218003
Group Title: SRG-OS-000242
CCIs
Number | Definition |
---|---|
CCI-001414 | The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. |
Controls
Number | Title |
---|---|
AC-4 | Information Flow Enforcement |