STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).

DISA Rule

SV-100465r1_rule

Vulnerability Number

V-89815

Group Title

SRG-OS-000424-GPOS-00188

Rule Version

VRAU-SL-001315

Severity

CAT I

CCI(s)

CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.

Weight

Fix Recommendation

Edit the SSH daemon configuration and remove any MACs other than "hmac-sha1". If necessary, add a "MACs" line.

Check Contents

Check the SSH daemon configuration for allowed MACs:

# grep -i macs /etc/ssh/sshd_config | grep -v '^#'

If no lines are returned, or the returned MACs list contains any MAC other than "hmac-sha1", this is a finding.

The SLES for vRealize must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments