Ubuntu OS must restrict SSH access to allow only NetIM internal communication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-275617 | RIIM-OS-255010 | SV-275617r1148290_rule | CCI-002418 | medium |
| Description |
| Remote access is not authorized for connection to the Riverbed NetIM shell to minimize and deter system administrators from accessing the shell, bash commands, or root account remotely. Though the device is not critical to the infrastructure, compromise of this device at the OS level could lead to compromise of other devices on the network. |
| STIG | Date |
| Riverbed NetIM OS Security Technical Implementation Guide | 2025-10-02 |
Details
Check Text (C-275617r1148290_chk)
Verify that a firewall rule exists that restricts SSH to specific IP addresses only, using the following command:
$ sudo ufw status
If a firewall rule does not exist to restrict port 22 to allow specific IP addresses and deny all other addresses, this is a finding.
Fix Text (F-79624r1147900_fix)
Deny all other SSH connections and allow SSH connections from a specific IP address by using the following commands. In a base configuration, allow the NetIM core, worker(s), and manager nodes with a UFW allow rule.
$ sudo ufw deny from any to any port 22
$ sudo ufw allow from <NETIM_IP_ADDRESS node list> to any port 22
Where <NETIM_IP_ADDRESS node list> is the list of NetIM IP addresses for all nodes.
Note: This restricts system administrators to the console mechanism provided by the virtual platform in use.
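
The check text above, automated as an added example (not part of the STIG or of Riverbed's tooling): the function reads `ufw status` output and reports a finding when port 22 is not limited to specific addresses. Because ufw applies the first matching rule, it also flags an allow that is listed after the blanket deny; the function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` text (stdin) for the port 22 restriction.
# Exit 0 = compliant, exit 1 = finding. ufw applies the first matching rule.
check_ssh_ufw() {
  awk '
    /^Status:/ { active = ($2 == "active") }
    $1 == "22" || $1 == "22/tcp" {            # rule rows for the SSH port
      a = 0
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { a = i; break }
      if (!a) next
      f = a + 1
      if ($f == "IN" || $f == "OUT") f++       # verbose output adds a direction
      any = ($f == "Anywhere")
      fam = (index($0, "(v6)") || index($f, ":")) ? 6 : 4
      if ($a == "ALLOW" || $a == "LIMIT") {
        if (any) wide = wide || !den[fam]      # SSH open to every source
        else if (den[fam]) shadowed = shadowed " " $f
        else allowed++
      } else if (any) den[fam] = 1             # blanket DENY or REJECT
    }
    END {
      if (!active)        { print "FINDING: ufw is not active"; exit 1 }
      if (wide)           { print "FINDING: port 22 allowed from Anywhere"; exit 1 }
      if (!den[4])        { print "FINDING: no blanket deny for port 22"; exit 1 }
      if (shadowed != "") { print "FINDING: allow listed after deny:" shadowed; exit 1 }
      if (!allowed)       { print "FINDING: no allow for a specific address"; exit 1 }
      print "OK: " allowed " source(s) allowed, all others denied"
    }'
}

# Constructed sample outputs; 192.0.2.10 is a documentation address.
SAMPLE_OK='Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       192.0.2.10
22                         DENY        Anywhere
22 (v6)                    DENY        Anywhere (v6)'
# Rule order when the blanket deny was added before the allow.
SAMPLE_SHADOWED='Status: active
To                         Action      From
--                         ------      ----
22                         DENY        Anywhere
22                         ALLOW       192.0.2.10
22 (v6)                    DENY        Anywhere (v6)'

printf '%s\n' "$SAMPLE_SHADOWED" | check_ssh_ufw || true
```

On a live system, run `sudo ufw status | check_ssh_ufw`. If an allow is reported after the deny, `sudo ufw status numbered` shows the rule positions and `sudo ufw insert 1 allow from <address> to any port 22` places the allow ahead of the deny.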