An error occurred:

Check: GEN005307

SUSE Linux Enterprise Server v11 for System z STIG: GEN005307 (in versions v1 r12 through v1 r9)

Title

The SNMP service must require the use of a FIPS 140-2 approved encryption algorithm for protecting the privacy of SNMP messages. (Cat II impact)

Discussion

The SNMP service must use AES or a FIPS 140-2 approved successor algorithm for protecting the privacy of communications.

Check Content

Verify the SNMP daemon uses AES for SNMPv3 users. Procedure: Examine the default install location /etc/snmp/snmpd.conf or: # find / -name snmpd.conf # grep -v '^#' <snmpd.conf file> | grep -i createuser | grep -vi AES If any line is present this is a finding.

Fix Text

Edit /etc/snmp/snmpd.conf and add the AES keyword for any create user statement without one. Restart the SNMP service. # service snmpd restart

Additional Identifiers

Rule ID: SV-45952r1_rule

Vulnerability ID: V-22449

Group Title: GEN005307

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000068

The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-17 (2)

Protection Of Confidentiality / Integrity Using Encryption