Nutanix AOS must not allow an unattended or automatic logon to the system.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-254196	NUTX-OS-001090	SV-254196r846676_rule		Medium

Description
Failure to restrict system access to authenticated users negatively impacts operating system security.

STIG	Date
Nutanix AOS 5.20.x OS Security Technical Implementation Guide	2022-08-24

Details

Check Text ( C-57681r846674_chk )
Confirm Nutanix AOS does not allow users to override environment variables to the SSH daemon. Check for the value of the "PermitUserEnvironment" keyword with the following command: $ sudo grep -i permituserenvironment /etc/ssh/sshd_config PermitUserEnvironment no If the "PermitUserEnvironment" keyword is not set to "no", is missing, or is commented out, this is a finding. $ sudo grep -i hostbasedauthentication /etc/ssh/sshd_config HostbasedAuthentication no If the "HostbasedAuthentication" keyword is not set to "no", is missing, or is commented out, this is a finding.

Check Text ( C-57681r846674_chk )

Confirm Nutanix AOS does not allow users to override environment variables to the SSH daemon.

Check for the value of the "PermitUserEnvironment" keyword with the following command:

$ sudo grep -i permituserenvironment /etc/ssh/sshd_config
PermitUserEnvironment no

If the "PermitUserEnvironment" keyword is not set to "no", is missing, or is commented out, this is a finding.

$ sudo grep -i hostbasedauthentication /etc/ssh/sshd_config
HostbasedAuthentication no

If the "HostbasedAuthentication" keyword is not set to "no", is missing, or is commented out, this is a finding.

Fix Text (F-57632r846675_fix)
Configure Nutanix AOS to not allow users to override environment variables to the SSH daemon by running the following command. $ sudo salt-call state.sls security/CVM/sshdCVM