Detections
Analytics
GEN005507 - SSH daemon must be configured to only use MACs employing FIPS 140-2 approved cryptographic hash algorithms
Information
DoD information systems are required to use FIPS 140-2 approved cryptographic hash functions.Solution
Edit the SSH daemon configuration and remove any MACs that are not hmac-sha1 or a better hmac algorithm that is on the FIPS 140-2 approved list. If necessary, add a MACs line.See Also
https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip
Item Details
Audit Name: DISA STIG AIX 6.1 v1r14
Category: ACCESS CONTROL
References: 800-53|AC-17(2), CAT|II, CCI|CCI-001453, Group-ID|V-22460, Rule-ID|SV-26753r2_rule, STIG-ID|GEN005507, Vuln-ID|V-22460
Plugin: Unix
Control ID: 934f94312b48757e9e9c1a4a21270288390e15fd1b9183cdad909dc97cff00ea