VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Photon operating system must configure Secure Shell (SSH) to perform strict mode checking of home directory configuration files.
<VulnDiscussion>If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as anoth...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure Secure Shell (SSH) to disallow Kerberos authentication.
<VulnDiscussion>If Kerberos is enabled through SSH, sshd provides a means of access to the system's Kerberos implementation. Vulnerabilities ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure Secure Shell (SSH) to disallow compression of the encrypted session stream.
<VulnDiscussion>If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could res...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure Secure Shell (SSH) to display the last login immediately after authentication.
<VulnDiscussion>Providing users with feedback on the last time they logged on via SSH facilitates user recognition and reporting of unauthori...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure Secure Shell (SSH) to ignore user-specific trusted hosts lists.
<VulnDiscussion>SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled. Indi...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure Secure Shell (SSH) to ignore user-specific known_host files.
<VulnDiscussion>SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled. Indi...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure Secure Shell (SSH) to limit the number of allowed login attempts per connection.
<VulnDiscussion>By setting the login attempt limit to a low value, an attacker will be forced to reconnect frequently, which severely limits ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure Secure Shell (SSH) to restrict AllowTcpForwarding.
<VulnDiscussion>While enabling TCP tunnels is a valuable function of sshd, this feature is not appropriate for use on single purpose applianc...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure Secure Shell (SSH) to restrict LoginGraceTime.
<VulnDiscussion>By default, SSH unauthenticated connections are left open for two minutes before being closed. This setting is too permissive...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.
<VulnDiscussion>When the Ctrl-Alt-Del target is enabled, a locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboo...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.