Configuring SSH – banner configuration – ‘Banner = /etc/motd’
Details Checking that /etc/ssh/sshd_config has been edited to use a login herald. Supportive Information The following resource is also helpful....
- Home
- Security Hardening
- CIS AIX 5.3.6.1 L1 V1.1.0
CIS AIX 5.3.6.1 L1 V1.1.0
Configuring SSH – client protocol – ‘Protocol 2’
Details Checking that /etc/ssh/ssh_config has been edited to allow SSH2 only. Supportive Information The following resource is also helpful. https://workbench.cisecurity.org/files/525...Configuring SSH – disable null passwords – ‘PermitEmptyPasswords = no’
Details Checking that /etc/ssh/sshd_config has been edited to disallow authenticating users with null passwords. Supportive Information The following resource is...Configuring SSH – disabling direct root access – ‘PermitRootLogin = no’
Details Checking that /etc/ssh/sshd_config has been edited to disable direct root login. Supportive Information The following resource is also helpful....Configuring SSH – set privilege separation – ‘UsePrivilegeSeparation = yes’
Details Checking that /etc/ssh/sshd_config has been edited to ensure that privilege separation is enabled. Supportive Information The following resource is...Configuring SSH – ssh_config permissions lockdown – ‘/etc/ssh/ssh_config root:system 644’
Details Checking that /etc/ssh/sshd_config exists and is mode 644 Supportive Information The following resource is also helpful. https://workbench.cisecurity.org/files/525 This security...Configuring SSH – sshd_config permissions lockdown – ‘/etc/ssh/sshd_config root:system 600’
Details Checking that /etc/ssh/sshd_config exists and is mode 600 Supportive Information The following resource is also helpful. https://workbench.cisecurity.org/files/525 This security...Configuring SSH – server protocol – ‘Protocol 2’
Details Checking that /etc/ssh/sshd_config has been edited to allow SSH2 only. Supportive Information The following resource is also helpful. https://workbench.cisecurity.org/files/525.../etc/inetd.conf – permissions and ownership – ‘/etc/inetd.conf root:system 644’
Details Checks that the owner, group and mode of /etc/inetd.conf are set appropriately. Supportive Information The following resource is also.../etc/mail/sendmail.cf – SmtpGreetingMessage – ‘SmtpGreetingMessage = mailerready’
Details Checking that /etc/mail/sendmail.cf has been edited to change the default SmtpGreetingMessage. Supportive Information The following resource is also helpful....