Check: PHTN-67-000119
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000119
(in versions v1 r6 through v1 r1)
Title
The Photon operating system must protect sshd configuration from unauthorized access. (Cat II impact)
Discussion
The sshd_config file contains all the configuration items for sshd. Incorrect or malicious configuration of sshd can allow unauthorized access to the system, insecure communication, limited forensic trail, etc.
Check Content
At the command line, execute the following command:
# stat -c "%n permissions are %a and owned by %U:%G" /etc/ssh/sshd_config
Expected result:
/etc/ssh/sshd_config permissions are 600 and owned by root:root
If the output does not match the expected result, this is a finding.
Fix Text
At the command line, execute the following commands:
# chmod 600 /etc/ssh/sshd_config
# chown root:root /etc/ssh/sshd_config
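The check above can be scripted so that it returns a pass/finding status instead of relying on a visual comparison. The following is an added example, not part of the STIG text; the function name check_sshd_config, its optional arguments and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the STIG): scripted form of the PHTN-67-000119 check.
# Usage: check_sshd_config [PATH] [OWNER:GROUP]
#   PATH defaults to /etc/ssh/sshd_config, OWNER:GROUP to root:root.
# Return codes (hypothetical convention):
#   0 = not a finding, 1 = finding, 2 = check could not be evaluated.
check_sshd_config() {
    file=${1:-/etc/ssh/sshd_config}
    want_owner=${2:-root:root}
    want_mode=600

    if [ ! -e "$file" ]; then
        echo "ERROR: $file does not exist" >&2
        return 2
    fi

    # Same stat fields as the STIG check: %a = octal mode, %U:%G = owner:group.
    actual=$(stat -c '%a %U:%G' -- "$file") || return 2
    mode=${actual%% *}
    owner=${actual#* }

    rc=0
    if [ "$mode" != "$want_mode" ]; then
        echo "FINDING: $file permissions are $mode, expected $want_mode"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FINDING: $file is owned by $owner, expected $want_owner"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file permissions are $mode and owned by $owner"
    return "$rc"
}
```

Called with no arguments on a Photon OS host, the function evaluates /etc/ssh/sshd_config against 600 and root:root, the values the check expects.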
Additional Identifiers
Rule ID: SV-239190r675378_rule
Vulnerability ID: V-239190
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |