STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.

DISA Rule

SV-215179r508663_rule

Vulnerability Number

V-215179

Group Title

SRG-OS-000112-GPOS-00057

Rule Version

AIX7-00-001012

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

If the SSH server package is not installed, install the "openssh.base.server" package from AIX DVD Volume 1 using the following command (assuming that the DVD device is /dev/cd0):
# installp -aXYgd /dev/cd0 -e /tmp/install.log openssh.base.server

After the installation, set up the SSH server accordingly.

If the SSH daemon is not running, run the following command to start it:
# startsrc -s sshd

Check Contents

Run the following command to check if the SSH server package is installed:

# lslpp -i |grep -i ssh
openssh.base.server 6.0.0.6201

If the package "openssh.base.server" is not installed, this is a finding.

Run the following command to check if the SSH daemon is running:

# lssrc -s sshd

The above command should yield the following output:
Subsystem         Group            PID          Status
 sshd             ssh              4325532      active

If the "Status" is not "active", this is a finding.
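
The two checks above can be scripted. The following is an added example, not part of the STIG text: the function and variable names are hypothetical, and the sample outputs are constructed from the output shown on this page. It matches the exact fileset name, because "grep -i ssh" would also match a client-only install, and it reads the last column of the sshd row, because an inoperative subsystem prints no PID.

```shell
#!/bin/sh
# Added example (not from the STIG): evaluate rule AIX7-00-001012 from
# captured command output. All names below are hypothetical.
# On AIX: check_rule "$(lslpp -i)" "$(lssrc -s sshd)"

# Constructed sample outputs, modeled on the output shown on this page.
SAMPLE_LSLPP='openssh.base.client 6.0.0.6201
openssh.base.server 6.0.0.6201'
SAMPLE_LSLPP_CLIENT_ONLY='openssh.base.client 6.0.0.6201'
SAMPLE_LSSRC_ACTIVE='Subsystem         Group            PID          Status
 sshd             ssh              4325532      active'
SAMPLE_LSSRC_DOWN='Subsystem         Group            PID          Status
 sshd             ssh                           inoperative'

# Reads lslpp output on stdin; succeeds only if the exact fileset
# openssh.base.server is listed (a client-only install does not count).
pkg_installed() {
    awk '$1 == "openssh.base.server" { found = 1 } END { exit !found }'
}

# Reads lssrc output on stdin; succeeds only if the sshd row ends in
# "active". The last field is used since the PID column may be empty.
sshd_active() {
    awk '$1 == "sshd" && $NF == "active" { ok = 1 } END { exit !ok }'
}

# $1 = lslpp output, $2 = lssrc output. Prints the verdict and returns
# 0 when the system is compliant, 1 when either check is a finding.
check_rule() {
    if ! printf '%s\n' "$1" | pkg_installed; then
        echo "FINDING: openssh.base.server is not installed"
        return 1
    fi
    if ! printf '%s\n' "$2" | sshd_active; then
        echo "FINDING: sshd subsystem status is not active"
        return 1
    fi
    echo "NOT A FINDING"
}

# Demonstration on the constructed samples.
check_rule "$SAMPLE_LSLPP" "$SAMPLE_LSSRC_ACTIVE"
check_rule "$SAMPLE_LSLPP" "$SAMPLE_LSSRC_DOWN" || true
```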

Documentable

False

Check Content Reference

M

Target Key

4012
