Check: GEN005532
VMware ESX 3 Server:
GEN005532
(in version v1 r2)
Title
The SSH client must not permit tunnels. (Cat II impact)
Discussion
OpenSSH has the ability to create network tunnels (layer-2 and layer-3) over an SSH connection. This function can provide similar convenience to a Virtual Private Network (VPN) with the similar risk of providing a path to circumvent firewalls and network ACLs.
Check Content
Check the SSH client configuration for the Tunnel setting. # grep -i Tunnel /etc/ssh/ssh_config | grep -v '^#' If the setting is not present, or not set to no, this is a finding.
Fix Text
Edit the SSH client configuration and add or edit the Tunnel setting value to no.
Additional Identifiers
Rule ID: SV-26775r1_rule
Vulnerability ID: V-22481
Group Title: GEN005532
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000221 |
The information system enforces security policies regarding information on interconnected systems. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |