The F5 BIG-IP must ensure SSH is disabled for root user logon to prevent remote access using the root account.
An XCCDF Rule
Description
The F5 BIG-IP shell must be locked down to limit the ability to modify the configuration through the shell. Preventing attackers from remotely accessing management functions using the root account mitigates the risk that unauthorized individuals or processes may gain superuser access to information or privileges. Additionally, the audit records for actions taken using the group account will not identify the specific person who took the actions.
Documentable: false
- ID: SV-217424r879588_rule
- Severity: Medium
Remediation - Manual Procedure
To ensure that the F5 BIG-IP meets the requirements within the STIG, limit the ability to modify the configuration at the command line. SSH into the command line interface and type in the following commands.
(tmos)# modify sys db systemauth.disablerootlogin value true
(tmos)# modify sys db systemauth.disablebash value true
(tmos)# save sys config
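A way to confirm the remediation took effect, as an added example that is not part of the STIG content: the script below checks both db variables in captured `list sys db` output. It assumes tmsh's usual `sys db <name> { value "<v>" }` layout; the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit captured tmsh "list sys db" output for the two
# settings this rule requires. Run it on an admin workstation against saved
# output, since bash is unavailable on the device once the rule is applied.

# Print the value of db variable $1 from "list sys db" text on stdin.
db_value() {
    awk -v key="$1" '
        $1 == "sys" && $2 == "db" { in_block = ($3 == key) }
        in_block && $1 == "value" { gsub(/"/, "", $2); print $2; exit }
    '
}

# Return 0 only if both variables are "true"; print one finding per variable.
check_root_ssh_lockdown() {
    output=$1
    rc=0
    for key in systemauth.disablerootlogin systemauth.disablebash; do
        val=$(printf '%s\n' "$output" | db_value "$key")
        if [ "$val" = "true" ]; then
            echo "PASS $key = true"
        else
            echo "FAIL $key = ${val:-<missing>} (expected true)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: output after the remediation commands were applied.
SAMPLE_COMPLIANT='sys db systemauth.disablebash {
    value "true"
}
sys db systemauth.disablerootlogin {
    value "true"
}'

# Constructed sample: root login disabled, but the bash setting is absent.
SAMPLE_PARTIAL='sys db systemauth.disablerootlogin {
    value "true"
}'

# Constructed sample: neither setting applied.
SAMPLE_OPEN=$(printf '%s\n' "$SAMPLE_COMPLIANT" | sed 's/"true"/"false"/')

check_root_ssh_lockdown "$SAMPLE_PARTIAL" || true
```

A missing variable is reported as a failure rather than skipped, so truncated or partial captures do not pass the check.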