STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 23 Apr 2021

The SUSE operating system SSH daemon private host key files must have mode 0600 or less permissive.

DISA Rule

SV-235009r622137_rule

Vulnerability Number

V-235009

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-15-040250

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the mode of the SUSE operating system SSH daemon private host key files under "/etc/ssh" to "0600" with the following command:

> sudo chmod 0600 /etc/ssh/ssh_host*key

Check Contents

Verify the SUSE operating system SSH daemon private host key files have mode "0600" or less permissive.

The following command will find all SSH private host key files on the system:

> sudo find / -name '*ssh_host*key' -exec ls -lL {} \;

Check the mode of the private host key files under "/etc/ssh" with the following command:

> find /etc/ssh -name 'ssh_host*key' -exec stat -c "%a %n" {} \;

600 /etc/ssh/ssh_host_rsa_key
600 /etc/ssh/ssh_host_dsa_key
600 /etc/ssh/ssh_host_ecdsa_key
600 /etc/ssh/ssh_host_ed25519_key

If any file has a mode more permissive than "0600", this is a finding.
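
The check above can be scripted. The following is an added example, not part of the STIG text: it treats "more permissive than 0600" as a bitwise test rather than a numeric one, because 0440 is numerically smaller than 0600 yet grants group read. The function names are hypothetical, GNU stat is assumed, and counting setuid, setgid and sticky bits as a finding is an assumption of this example.

```shell
#!/bin/sh
# Added example: flag SSH private host keys whose mode sets any bit
# outside 0600. Assumes GNU stat, as used by the check command above.

# is_more_permissive MODE -> succeeds if MODE sets a bit outside 0600.
# A numeric comparison would be wrong: 440 < 600, but 0440 is group-readable.
is_more_permissive() {
    # 07177 = every mode bit except owner read (0400) and owner write (0200).
    # Treating the special bits (07000) as a finding is an assumption.
    [ $(( 0$1 & 07177 )) -ne 0 ]
}

# audit_host_keys [DIR] -> prints "FINDING <mode> <file>" for each offending
# key; returns 1 if there is at least one finding, 0 otherwise.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    rc=0
    for key in "$dir"/ssh_host*key; do
        [ -f "$key" ] || continue      # unmatched glob or not a regular file
        # -L follows symlinks so the mode of the key itself is evaluated
        mode=$(stat -L -c '%a' "$key") || continue
        if is_more_permissive "$mode"; then
            echo "FINDING $mode $key"
            rc=1
        fi
    done
    return $rc
}

# Audit the directory given as the first argument, if one was supplied.
if [ "$#" -gt 0 ]; then
    audit_host_keys "$1"
fi
```

Modes 600, 400 and 200 pass; 640, 440, 700 and 4600 are reported.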

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5274

Comments