Check: GEN005536
Solaris 10 SPARC STIG:
GEN005536
(in versions v2 r4 through v1 r19)
Title
The SSH daemon must perform strict mode checking of home directory configuration files. (Cat II impact)
Discussion
If other users have access to modify user-specific SSH configuration files, they may be able to log into the system as another user.
Check Content
Check the SSH daemon configuration for the StrictModes setting.
# grep -i StrictModes /etc/ssh/sshd_config | grep -v '^#'
If the setting is present and not set to yes, this is a finding.
Fix Text
Edit the SSH daemon configuration and change the StrictModes setting value to yes or remove it entirely.
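The check above, written as a script that returns a pass/fail status instead of output to be read by eye. This is an added example, not part of the STIG: the function name check_strictmodes and the sample file are constructed for illustration. It needs a POSIX awk (on Solaris 10, nawk or /usr/xpg4/bin/awk rather than the legacy /usr/bin/awk), and it skips indented comment lines that grep -v '^#' would let through.

```shell
#!/bin/sh
# Added example: audit StrictModes in an sshd_config-style file.
# Exit status: 0 = not a finding (setting absent, or every active
#                  StrictModes line is exactly "yes")
#              1 = finding (an active StrictModes line is not "yes")
#              2 = file could not be read
check_strictmodes() {
    cfg=${1:-/etc/ssh/sshd_config}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)               # tolerate indented lines
        sub(/[ \t]+$/, "", line)               # drop trailing whitespace
        if (line == "" || line ~ /^#/) next    # skip blanks and comments
        # Split keyword from value on whitespace or "=".
        n = match(line, /[ \t=]/)
        if (n == 0) { key = line; val = "" }
        else {
            key = substr(line, 1, n - 1)
            val = substr(line, n)
            sub(/^[ \t=]+/, "", val)
        }
        if (tolower(key) != "strictmodes") next   # keyword is case-insensitive
        # Conservative: anything other than the literal "yes" is reported,
        # so odd spellings or trailing text get a manual look.
        if (val != "yes") {
            printf "FINDING line %d: %s\n", NR, $0
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "$cfg"
}

# Constructed sample (not from a real system): a commented-out default
# followed by an indented, lower-case override.
sample=$(mktemp)
printf '%s\n' '#StrictModes yes' 'Protocol 2' '  strictmodes no' > "$sample"
check_strictmodes "$sample" || echo "result: finding"
rm -f "$sample"
```

Run it as check_strictmodes /etc/ssh/sshd_config; with no argument it defaults to that path.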
Additional Identifiers
Rule ID: SV-226997r603265_rule
Vulnerability ID: V-226997
Group Title: SRG-OS-000480
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 | Configuration Settings |