STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions.

DISA Rule

SV-100457r1_rule

Vulnerability Number

V-89807

Group Title

SRG-OS-000394-GPOS-00174

Rule Version

VRAU-SL-001255

Severity

CAT II

CCI(s)

• CCI-003123 - The information system implements cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.

Weight

10

Fix Recommendation

Edit the SSH daemon configuration and remove any MACs other than "hmac-sha1". If necessary, add a "MACs" line.

# sed -i "/^[^#]*MACs/ c\MACs hmac-sha1" /etc/ssh/sshd_config

Check Contents

Check the SSH daemon configuration for allowed MACs:

# grep -i macs /etc/ssh/sshd_config | grep -v '^#'

If no lines are returned, or the returned MACs list contains any MAC other than "hmac-sha1", this is a finding.

Vulnerability Number

V-89807

Documentable

False

Rule Version

VRAU-SL-001255

Severity Override Guidance

Check the SSH daemon configuration for allowed MACs:

# grep -i macs /etc/ssh/sshd_config | grep -v '^#'

If no lines are returned, or the returned MACs list contains any MAC other than "hmac-sha1", this is a finding.

Check Content Reference

M

Target Key

3459

Comments