STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SSH daemon must be configured with the Department of Defense (DoD) login banner.

DISA Rule

SV-208927r603263_rule

Vulnerability Number

V-208927

Group Title

SRG-OS-000023

Rule Version

OL6-00-000240

Severity

CAT II

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

10

Fix Recommendation

To enable the warning banner and ensure it is consistent across the system, add or correct the following line in "/etc/ssh/sshd_config":

Banner /etc/issue

Another section contains information on how to create an appropriate system-wide warning banner.

Check Contents

To determine how the SSH daemon's "Banner" option is set, run the following command:

# grep -i Banner /etc/ssh/sshd_config

If a line indicating /etc/issue is returned, then the required value is set.
If the required value is not set, this is a finding.

Vulnerability Number

V-208927

Documentable

False

Rule Version

OL6-00-000240

Severity Override Guidance

To determine how the SSH daemon's "Banner" option is set, run the following command:

# grep -i Banner /etc/ssh/sshd_config

If a line indicating /etc/issue is returned, then the required value is set.
If the required value is not set, this is a finding.

Check Content Reference

M

Target Key

2928

Comments