Check: SOL-11.1-040370
Solaris 11 x86 STIG:
SOL-11.1-040370
(in versions v2 r10 through v1 r10)
Title
Login must not be permitted with empty/null passwords for SSH. (Cat I impact)
Discussion
Permitting login without a password is inherently risky.
Check Content
Determine if empty/null passwords are allowed for the SSH service. # grep "^PermitEmptyPasswords" /etc/ssh/sshd_config If the output of this command is not: PermitEmptyPasswords no this is a finding.
Fix Text
The root role is required. Modify the sshd_config file # pfedit /etc/ssh/sshd_config Locate the line containing: PermitEmptyPasswords Change it to: PermitEmptyPasswords no Restart the SSH service. # svcadm restart svc:/network/ssh
Additional Identifiers
Rule ID: SV-216118r603268_rule
Vulnerability ID: V-216118
Group Title: SRG-OS-000480
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |