The AIX SSH daemon must be configured for IP filtering.

An XCCDF Rule

Description

The SSH daemon must be configured for IP filtering to provide a layered defense against connection attempts from unauthorized addresses.

ID: SV-215295r1009551_rule
Version: AIX7-00-002112
Severity: Medium
References: CCI-000366
Updated: 24 days ago

Remediation Templates

Add appropriate IP restrictions for SSH to the "/etc/hosts.deny" and/or "/etc/hosts.allow" files. 

TCP Wrappers can be installed from the AIX Expansion Pack by installing fileset "netsec.options.tcpwrappers" using the following command (assume AIX Expansion Pack is mounted on /dev/cd0):
# installp -aXYgd /dev/cd0 -e /tmp/install.log netsec.options.tcpwrappers