GEN005306 - SNMP service must require a FIPS 140-2 approved hash algorithm as part of its authentication and integrity methods

Information

The SNMP service must use SHA-1 or a FIPS 140-2 approved successor for authentication and integrity.

Solution

Edit the /etc/snmpdv3.conf file. Change any instances of the HMAC-MD5 authentication protocol in USM_USER entries to HMAC-SHA. For all changed USM_USER entries, regenerate authentication keys using the 'pwtokey' command and replace the keys in the /etc/snmpdv3.conf file.
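
One way to find the USM_USER entries that still need changing, as an added example that is not part of the STIG text. It assumes the entry layout `USM_USER userName engineID authProto authKey privProto privKey keyType storageType`; the function names are hypothetical and the sample configuration and keys are constructed.

```shell
#!/bin/sh
# Added example: list USM_USER entries that still authenticate with HMAC-MD5.
# Assumed field order (not stated on the page):
#   USM_USER userName engineID authProto authKey privProto privKey keyType storageType

# Print "line:user:authProto" for each active USM_USER entry using HMAC-MD5.
# $1 is the config file, or "-" for stdin. Exit status: 0 none found, 1 found.
find_md5_usm_users() {
    awk '
        $1 ~ /^#/ { next }    # commented-out entries are not active
        toupper($1) == "USM_USER" && toupper($4) == "HMAC-MD5" {
            printf "%d:%s:%s\n", NR, $2, $4
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample configuration; the keys are made-up placeholders.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real configuration
USM_USER monitor1 - HMAC-MD5 00112233445566778899aabbccddeeff - - N -
USM_USER monitor2 - HMAC-SHA 00112233445566778899aabbccddeeff00112233 - - N -
#USM_USER olduser - HMAC-MD5 00112233445566778899aabbccddeeff - - N -
USM_USER noauth - none - - - N -
EOF
}

# Report PASS/FAIL for the file in $1 (stdin when no argument is given).
audit() {
    out=$(find_md5_usm_users "${1:--}") && rc=0 || rc=$?
    case $rc in
        0) echo "PASS: no USM_USER entry uses HMAC-MD5" ;;
        1) echo "FAIL: regenerate keys for these entries (line:user:proto):"
           echo "$out" ;;
        *) echo "ERROR: could not read configuration" ;;
    esac
    return "$rc"
}

# Demo on the constructed sample; on a real system: audit /etc/snmpdv3.conf
sample_conf | audit || true
```

Each entry it reports needs both the protocol changed to HMAC-SHA and its authentication key regenerated, since a key derived for HMAC-MD5 is not valid for HMAC-SHA.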

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip