Check: GEN005536
Solaris 10 X86 STIG: GEN005536 (in versions v2 r4 through v1 r17)
Title
The SSH daemon must perform strict mode checking of home directory configuration files. (Cat II impact)
Discussion
If other users have access to modify user-specific SSH configuration files, they may be able to log into the system as another user.
Check Content
Check the SSH daemon configuration for the StrictModes setting.

    # grep -i StrictModes /etc/ssh/sshd_config | grep -v '^#'

If the setting is present and not set to yes, this is a finding.
Fix Text
Edit the SSH daemon configuration and change the StrictModes setting value to yes or remove it entirely.
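
The check above can be scripted so that it returns a pass/fail status. The following is an added example, not part of the STIG text: `check_strictmodes` and the `AWK` variable are hypothetical names, and the handling of indented comment lines and of the `Keyword=value` form reflects an assumption about how the daemon parses its configuration file.

```shell
#!/bin/sh
# Added example: audit the StrictModes setting in an sshd_config-style file.
# check_strictmodes is a hypothetical helper name, not part of the STIG.
# On Solaris 10 set AWK=nawk (or /usr/xpg4/bin/awk); the legacy /usr/bin/awk
# lacks sub() and tolower().
AWK=${AWK:-awk}

# Prints every active StrictModes line with its line number.
# Returns 0 = not a finding (absent, or every occurrence is "yes"),
#         1 = finding (present and not set to "yes"),
#         2 = configuration file not readable.
check_strictmodes() {
    cfg=${1:-/etc/ssh/sshd_config}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    "$AWK" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # indented lines count too
            if (line == "" || line ~ /^#/) next   # blanks and comments, indented or not
            n = split(line, f, /[ \t=]+/)         # assumption: "Keyword value" or "Keyword=value"
            if (tolower(f[1]) != "strictmodes") next   # keyword match is case-insensitive
            printf "%d: %s\n", NR, line
            if (f[2] != "yes") bad = 1            # present and not "yes" => finding
        }
        END { exit (bad ? 1 : 0) }
    ' "$cfg"
}
```

Run `check_strictmodes` with no argument to audit `/etc/ssh/sshd_config`, or pass a path to audit a staged copy before deploying it. Unlike the plain `grep -v '^#'` filter, it does not report a commented-out line that is preceded by whitespace.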
Additional Identifiers
Rule ID: SV-227904r603266_rule
Vulnerability ID: V-227904
Group Title: SRG-OS-000480
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 | Configuration Settings |