GEN005540 - The SSH daemon must be configured for IP filtering - '/etc/hosts.allow'

Information

The SSH daemon must be configured for IP filtering to provide a layered defense against connection attempts from unauthorized addresses.

Solution

Add appropriate IP restrictions for SSH to the /etc/hosts.deny and/or /etc/hosts.allow files.
TCP Wrappers can be installed using SMIT from the AIX expansion pack as fileset netsec.options.tcpwrappers.

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-38955r1_rule, STIG-ID|GEN005540, Vuln-ID|V-12022

Plugin: Unix

Control ID: 71aa41c7d4c95d4cd69eb08b83d4990b80dd5324bd5e028a807118c3ef31663e