Navigate

Check: SLES-12-030151

SLES 12 STIG: SLES-12-030151 (in versions v2 r13 through v1 r4)

Title

The SUSE operating system must not allow users to override SSH environment variables. (Cat II impact)

Discussion

SSH environment options potentially allow users to bypass access restriction in some configurations.

Check Content

Verify the SUSE operating system disables unattended via SSH. Check that unattended logon via SSH is disabled with the following command: # sudo grep -i "permituserenvironment" /etc/ssh/sshd_config PermitUserEnvironment no If the "PermitUserEnvironment" keyword is not set to "no", is missing completely, or is commented out, this is a finding.

Fix Text

Configure the SUSE operating system disables unattended logon via SSH. Add or edit the following lines in the "/etc/ssh/sshd_config" file: PermitUserEnvironment no

Additional Identifiers

Rule ID: SV-217269r877377_rule

Vulnerability ID: V-217269

Group Title: SRG-OS-000480-GPOS-00229

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings