The SLES for vRealize must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).
DISA Rule
SV-99347r1_rule
Vulnerability Number
V-88697
Group Title
SRG-OS-000424-GPOS-00188
Rule Version
VROM-SL-001290
Severity
CAT I
CCI(s)
- CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.
Weight
10
Fix Recommendation
Edit the SSH daemon configuration and remove any MACs other than "hmac-sha1". If necessary, add a "MACs" line.
# sed -i "/^[^#]*MACs/ c\MACs hmac-sha1" /etc/ssh/sshd_config
Check Contents
Check the SSH daemon configuration for allowed MACs:
# grep -i macs /etc/ssh/sshd_config | grep -v '^#'
If no lines are returned, or the returned MACs list contains any MAC other than "hmac-sha1", this is a finding.
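The check above as a script, added here as an example and not part of the STIG content. The function name check_sshd_macs and the sample configuration are assumptions made for illustration. It is stricter than the grep: it matches only active MACs directives, treats the keyword as case-insensitive, and reports each disallowed MAC.

```shell
#!/bin/sh
# Added example (not STIG content). check_sshd_macs is a hypothetical helper.
# Returns 0 when at least one active MACs directive exists and every listed
# MAC is exactly "hmac-sha1"; returns non-zero (finding) otherwise.
check_sshd_macs() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            # sshd keywords are case-insensitive; value may follow space or "="
            if (tolower(line) !~ /^macs([ \t=]|$)/) next
            sub(/^[A-Za-z]+[ \t]*=?[ \t]*/, "", line)
            seen = 1
            n = split(line, mac, /[ \t]*,[ \t]*/)
            if (n == 0) { bad = 1; print "finding: empty MACs directive" }
            for (i = 1; i <= n; i++)
                if (mac[i] != "hmac-sha1") {
                    bad = 1
                    print "finding: disallowed MAC \"" mac[i] "\" (line " NR ")"
                }
        }
        END {
            if (!seen) print "finding: no active MACs directive"
            exit (seen && !bad) ? 0 : 1
        }
    ' "$1"
}

# Constructed sample input, not taken from a real system.
demo_check() {
    tmp=$(mktemp) || return 2
    printf '%s\n' 'Port 22' '#MACs hmac-md5' 'MACs hmac-sha1,hmac-md5' > "$tmp"
    check_sshd_macs "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo_check || echo "sample config is a finding"
```

Run it against a copy of /etc/ssh/sshd_config before and after applying the fix; a zero exit status means the file passes this check.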
Documentable
False
Severity Override Guidance
Check the SSH daemon configuration for allowed MACs:
# grep -i macs /etc/ssh/sshd_config | grep -v '^#'
If no lines are returned, or the returned MACs list contains any MAC other than "hmac-sha1", this is a finding.
Check Content Reference
M
Target Key
3461