STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed.

DISA Rule

SV-204585r603261_rule

Vulnerability Number

V-204585

Group Title

SRG-OS-000423-GPOS-00187

Rule Version

RHEL-07-040300

Severity

CAT II

CCI(s)

• CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.
• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.
• CCI-002420 - The information system maintains the confidentiality and/or integrity of information during preparation for transmission.
• CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.

Weight

10

Fix Recommendation

Install SSH packages onto the host with the following commands:

# yum install openssh-server.x86_64

Check Contents

Check to see if sshd is installed with the following command:

# yum list installed \*ssh\*
libssh2.x86_64 1.4.3-8.el7 @anaconda/7.1
openssh.x86_64 6.6.1p1-11.el7 @anaconda/7.1
openssh-server.x86_64 6.6.1p1-11.el7 @anaconda/7.1

If the "SSH server" package is not installed, this is a finding.

Vulnerability Number

V-204585

Documentable

False

Rule Version

RHEL-07-040300

Severity Override Guidance

Check to see if sshd is installed with the following command:

# yum list installed \*ssh\*
libssh2.x86_64 1.4.3-8.el7 @anaconda/7.1
openssh.x86_64 6.6.1p1-11.el7 @anaconda/7.1
openssh-server.x86_64 6.6.1p1-11.el7 @anaconda/7.1

If the "SSH server" package is not installed, this is a finding.

Check Content Reference

M

Target Key

2899

Comments