-
Notifications
You must be signed in to change notification settings - Fork 705
/
rule.yml
70 lines (58 loc) · 2.43 KB
/
rule.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
documentation_complete: true
title: 'Enable the OpenSSH Service'
description: |-
The SSH server service, sshd, is commonly needed.
{{{ describe_service_enable(service="sshd") }}}
rationale: |-
Without protection of the transmitted information, confidentiality, and
integrity may be compromised because unprotected communications can be
intercepted and either read or altered.
<br /><br />
This checklist item applies to both internal and external networks and all types
of information system components from which information can be transmitted (e.g., servers,
mobile devices, notebook computers, printers, copiers, scanners, etc). Communication paths
outside the physical protection of a controlled boundary are exposed to the possibility
of interception and modification.
severity: medium
identifiers:
cce@rhel8: CCE-82426-8
cce@rhel9: CCE-90822-8
cce@rhel10: CCE-88621-8
cce@sle12: CCE-83201-4
cce@sle15: CCE-83297-2
cce@slmicro5: CCE-93771-4
references:
cis-csc: 13,14
cobit5: APO01.06,DSS05.02,DSS05.04,DSS05.07,DSS06.02,DSS06.06
cui: 3.1.13,3.5.4,3.13.8
disa: CCI-002420,CCI-002421,CCI-002418,CCI-002422
isa-62443-2013: 'SR 3.1,SR 3.8,SR 4.1,SR 4.2,SR 5.2'
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),SC-8,SC-8(1),SC-8(2),SC-8(3),SC-8(4)
nist-csf: PR.DS-2,PR.DS-5
srg: SRG-OS-000423-GPOS-00187,SRG-OS-000424-GPOS-00188,SRG-OS-000425-GPOS-00189,SRG-OS-000426-GPOS-00190
stigid@ol7: OL07-00-040310
stigid@ol8: OL08-00-040160
stigid@rhel8: RHEL-08-040160
stigid@sle12: SLES-12-030100
stigid@sle15: SLES-15-010530
stigid@ubuntu2004: UBTU-20-010042
stigid@ubuntu2204: UBTU-22-255015
ocil: |-
{{{ ocil_service_enabled(service="sshd") }}}
ocil_clause: sshd service is disabled
template:
name: service_enabled
vars:
servicename: sshd
servicename@ubuntu1604: ssh
servicename@ubuntu1804: ssh
servicename@ubuntu2004: ssh
servicename@ubuntu2204: ssh
packagename: openssh-server
packagename@sle12: openssh
packagename@sle15: openssh
packagename@slmicro5: openssh
fixtext: |-
{{{ fixtext_service_enabled("sshd") }}}
srg_requirement: '{{{ srg_requirement_service_enabled("sshd") }}}'