File: rule.yml

package info (click to toggle)
scap-security-guide 0.1.65-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 71,936 kB
  • sloc: xml: 179,374; sh: 69,771; python: 23,819; makefile: 23
file content (68 lines) | stat: -rw-r--r-- 2,456 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
documentation_complete: true

prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204

title: 'Enable the OpenSSH Service'

description: |-
    The SSH server service, sshd, is commonly needed.
    {{{ describe_service_enable(service="sshd") }}}

rationale: |-
    Without protection of the transmitted information, confidentiality, and
    integrity may be compromised because unprotected communications can be
    intercepted and either read or altered.
    <br /><br />
    This checklist item applies to both internal and external networks and all types
    of information system components from which information can be transmitted (e.g., servers,
    mobile devices, notebook computers, printers, copiers, scanners, etc). Communication paths
    outside the physical protection of a controlled boundary are exposed to the possibility
    of interception and modification.

severity: medium

identifiers:
    cce@rhel7: CCE-80216-5
    cce@rhel8: CCE-82426-8
    cce@rhel9: CCE-90822-8
    cce@sle12: CCE-83201-4
    cce@sle15: CCE-83297-2

references:
    cis-csc: 13,14
    cobit5: APO01.06,DSS05.02,DSS05.04,DSS05.07,DSS06.02,DSS06.06
    cui: 3.1.13,3.5.4,3.13.8
    disa: CCI-002418,CCI-002420,CCI-002421,CCI-002422
    isa-62443-2013: 'SR 3.1,SR 3.8,SR 4.1,SR 4.2,SR 5.2'
    iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
    nist: CM-6(a),SC-8,SC-8(1),SC-8(2),SC-8(3),SC-8(4)
    nist-csf: PR.DS-2,PR.DS-5
    srg: SRG-OS-000423-GPOS-00187,SRG-OS-000424-GPOS-00188,SRG-OS-000425-GPOS-00189,SRG-OS-000426-GPOS-00190
    stigid@ol7: OL07-00-040310
    stigid@ol8: OL08-00-040160
    stigid@rhel7: RHEL-07-040310
    stigid@rhel8: RHEL-08-040160
    stigid@sle12: SLES-12-030100
    stigid@sle15: SLES-15-010530
    stigid@ubuntu2004: UBTU-20-010042

ocil: |-
    {{{ ocil_service_enabled(service="sshd") }}}

ocil_clause: sshd service is disabled

template:
    name: service_enabled
    vars:
        servicename: sshd
        servicename@ubuntu1604: ssh
        servicename@ubuntu1804: ssh
        servicename@ubuntu2004: ssh
        packagename: openssh-server
        packagename@sle12: openssh
        packagename@sle15: openssh

fixtext: |-
    {{{ fixtext_service_enabled("sshd") }}}

srg_requirement: '{{{ srg_requirement_service_enabled("sshd") }}}'