STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018

The SLES for vRealize must control remote access methods.

DISA Rule

SV-100423r1_rule

Vulnerability Number

V-89773

Group Title

SRG-OS-000297-GPOS-00115

Rule Version

VRAU-SL-000975

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the SSH daemon configuration /etc/ssh/sshd_config to specify listening network addresses designated for management traffic with the following command:

sed -i "/^ListenAddress/ c\ListenAddress x.x.x.x" /etc/ssh/sshd_config

Note: Replace x.x.x.x with the desired remote access IP address.

Check Contents

Check the SSH daemon configuration for listening network addresses:

# grep -i Listen /etc/ssh/sshd_config | grep -v '^#'

If no configuration is returned, or if a returned "Listen" configuration contains addresses not designated for management traffic, this is a finding.
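
The check above, as an added example that is not part of the STIG or of this page: a POSIX shell audit that treats a missing or commented-out ListenAddress as a finding and compares every active value against an allow-list of management addresses. The function names and the 192.0.2.10 sample address are assumptions.

```shell
#!/bin/sh
# Added example (not DISA's or the page's code): audit ListenAddress values
# against management addresses. Function names and addresses are assumed.

# Print the host part of every active ListenAddress directive in file $1.
listen_addresses() {
    # Keywords are case-insensitive and may be indented; '#' lines are skipped.
    awk 'tolower($1) == "listenaddress" && $2 != "" {
        addr = $2
        if (addr ~ /^\[/) {                    # [ipv6]:port -> ipv6
            sub(/^\[/, "", addr); sub(/\].*$/, "", addr)
        } else if (addr ~ /^[^:]*:[0-9]+$/) {  # host:port -> host
            sub(/:[0-9]+$/, "", addr)
        }
        print addr
    }' "$1"
}

# check_listen CONFIG ADDR... : return 0 if compliant, 1 if a finding.
check_listen() {
    config=$1; shift
    found=$(listen_addresses "$config")
    if [ -z "$found" ]; then
        echo "FINDING: no active ListenAddress in $config"
        return 1
    fi
    status=0
    for addr in $found; do
        ok=no
        for allowed in "$@"; do
            if [ "$addr" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then
            echo "FINDING: ListenAddress $addr is not a management address"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: the directive is present only as a comment, a case the
# fix's sed pattern /^ListenAddress/ does not match and so leaves unchanged.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#ListenAddress 0.0.0.0' > "$sample"
check_listen "$sample" 192.0.2.10 || true
rm -f "$sample"
```

Running the audit again after applying the fix confirms that the sed command actually changed a line.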

Vulnerability Number

V-89773

Documentable

False

Rule Version

VRAU-SL-000975

Severity Override Guidance

Check the SSH daemon configuration for listening network addresses:

# grep -i Listen /etc/ssh/sshd_config | grep -v '^#'

If no configuration is returned, or if a returned "Listen" configuration contains addresses not designated for management traffic, this is a finding.

Check Content Reference

M

Target Key

3459
