Rule ID
SV-279584r1192313_rule
Version
V1R1
CCIs
Failure to restrict system access to authenticated users negatively impacts operating system security.
Verify Nutanix OS does not allow users to override environment variables to the SSH daemon.

1. Check the value of the "PermitUserEnvironment" keyword using the following command. Verify the "PermitUserEnvironment" keyword is set to "no" (not set to another value, missing, or commented out).

$ sudo grep -i permituserenvironment /etc/ssh/sshd_config
PermitUserEnvironment no

2. Verify the "HostbasedAuthentication" keyword is set to "no" (not set to another value, missing, or commented out).

$ sudo grep -i hostbasedauthentication /etc/ssh/sshd_config
HostbasedAuthentication no

If Nutanix OS allows users to override environment variables to the SSH daemon, this is a finding.
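The grep commands in the check also print commented-out and duplicate lines, which the reviewer must then interpret by hand. The following added example (not part of the STIG or of Nutanix tooling) evaluates one keyword; the function name check_sshd_keyword and the sample file are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines in a single file.

```shell
#!/bin/sh
# Added example (not from the STIG): evaluate one sshd_config keyword.
# Prints a verdict; returns 0 when compliant, 1 when it is a finding.
check_sshd_keyword() {
    file=$1 keyword=$2 expected=$3
    # The first uncommented occurrence is the one sshd uses; keyword names
    # are case-insensitive. Assumes whitespace-separated "Keyword value".
    value=$(awk -v kw="$keyword" '
        /^[ \t]*#/ { next }                      # commented out
        tolower($1) == "match" { exit }          # simplification: global section only
        tolower($1) == tolower(kw) { print $2; exit }
    ' "$file")
    if [ -z "$value" ]; then
        echo "FINDING: $keyword is missing or commented out"
        return 1
    elif [ "$value" != "$expected" ]; then
        echo "FINDING: $keyword is set to \"$value\", expected \"$expected\""
        return 1
    fi
    echo "PASS: $keyword $value"
}

# Constructed sample file (not taken from a real system). A plain
# "grep -i" shows a "PermitUserEnvironment no" line here even though
# the first uncommented value is "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PermitUserEnvironment no
permituserenvironment yes
PermitUserEnvironment no
#HostbasedAuthentication no
EOF

check_sshd_keyword "$sample" PermitUserEnvironment no || true
check_sshd_keyword "$sample" HostbasedAuthentication no || true
```

On a live system, "sudo sshd -T" prints the effective configuration sshd would use, which can be compared against the file-based result.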
Configure SSH.

1. For AOS, configure SSH, then restart SSH for the changes to take effect.

$ sudo salt-call state.sls security/CVM/sshdCVM
$ sudo systemctl restart sshd

2. For Prism Central, configure SSH, then restart SSH for the changes to take effect.

$ sudo salt-call state.sls security/PCVM/sshdPCVM
$ sudo systemctl restart sshd

3. For Files, configure SSH, then restart SSH for the changes to take effect.

$ sudo salt-call state.sls security/AFS/sshdAFS
$ sudo systemctl restart sshd

4. For AHV, configure SSH, then restart SSH for the changes to take effect.

$ sudo salt-call state.sls security/KVM/sshdKVM
$ sudo systemctl restart sshd