Navigate

Check: GEN005306

SUSE Linux Enterprise Server v11 for System z STIG: GEN005306 (in versions v1 r12 through v1 r9)

Title

The SNMP service must require the use of a FIPS 140-2 approved cryptographic hash algorithm as part of its authentication and integrity methods. (Cat II impact)

Discussion

The SNMP service must use SHA-1 or a FIPS 140-2 approved successor for authentication and integrity.

Check Content

Verify the SNMP daemon uses SHA for SNMPv3 users. Procedure: Examine the default install location /etc/snmp/snmpd.conf or: # find / -name snmpd.conf # grep -v '^#' <snmpd.conf file> | grep -i createuser | grep -vi SHA If any line is present this is a finding.

Fix Text

Edit /etc/snmp/snmpd.conf and add the SHA keyword for any create user statement without one. Restart the SNMP service. # service snmpd restart

Additional Identifiers

Rule ID: SV-45948r1_rule

Vulnerability ID: V-22448

Group Title: GEN005306

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001453	The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-17 (2)	Protection Of Confidentiality / Integrity Using Encryption