
V-275617

CAT II (Medium)

Ubuntu OS must restrict SSH access to allow only NetIM internal communication.

Rule ID

SV-275617r1148290_rule

STIG

Riverbed NetIM OS Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002418, CCI-002420, CCI-002422

Discussion

Remote access to the Riverbed NetIM shell is not authorized, in order to minimize and deter remote access by system administrators to the shell, bash commands, or the root account. Although the device is not critical to the infrastructure, compromise of this device at the OS level could lead to compromise of other devices on the network.

Check Content

Verify that a firewall rule exists that restricts SSH to specific IP addresses only by using the following command:

$ sudo ufw status

If no firewall rule exists that restricts port 22 to specific IP addresses and denies all other addresses, this is a finding.

Fix Text

Deny all other SSH connections and allow SSH connections from specific IP addresses by using the following commands. In a base configuration, allow the NetIM core, worker(s), and manager with UFW allow rules.

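# UFW applies the first matching rule, so add the allow rules before the deny.
# ufw takes one source address or subnet per rule; repeat the allow for each NetIM node.
$ sudo ufw allow from <NETIM_IP_ADDRESS node list> to any port 22
$ sudo ufw deny from any to any port 22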

Where <NETIM_IP_ADDRESS node list> is the list of NetIM IP addresses for all nodes.

Note: This restricts system administrators to the console mechanism available on the virtual platform being used.
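
The check above can be scripted. The following is an added example, not part of the STIG or of Riverbed's tooling: it evaluates `sudo ufw status` output for port 22 and also flags an allow rule listed after the deny, since UFW applies the first matching rule. It assumes plain (non-verbose) status output and rules written against `22` or `22/tcp`; the function name `check_ssh_ufw` and the sample addresses are constructed.

```sh
#!/bin/sh
# Added example: evaluate `sudo ufw status` text read from stdin.
# Prints PASS or "FINDING: <reason>"; returns 0 only on PASS.
check_ssh_ufw() {
    awk '
    /^Status:/ { active = ($2 == "active") }
    {
        gsub(/ \(v6\)/, "")      # fold IPv6 rows into the IPv4 column layout
        if ($1 != "22" && $1 != "22/tcp") next
        if ($2 == "ALLOW" && $3 == "Anywhere") wideopen = 1
        else if ($2 == "ALLOW") { allow++; if (deny) shadowed = 1 }
        else if (($2 == "DENY" || $2 == "REJECT") && $3 == "Anywhere") deny = 1
    }
    END {
        if (!active)  { print "FINDING: ufw is not active"; exit 1 }
        if (wideopen) { print "FINDING: port 22 is allowed from Anywhere"; exit 1 }
        if (!allow)   { print "FINDING: no source-restricted allow for port 22"; exit 1 }
        if (!deny)    { print "FINDING: no deny for other sources on port 22"; exit 1 }
        if (shadowed) { print "FINDING: allow follows the deny and never matches"; exit 1 }
        print "PASS"
    }'
}

# Constructed sample outputs; 192.0.2.0/24 is a documentation range.
GOOD='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       192.0.2.10
22                         ALLOW       192.0.2.11
22                         DENY        Anywhere
22 (v6)                    DENY        Anywhere (v6)'

SHADOWED='Status: active

To                         Action      From
--                         ------      ----
22                         DENY        Anywhere
22                         ALLOW       192.0.2.10'

printf '%s\n' "$GOOD" | check_ssh_ufw               # prints PASS
printf '%s\n' "$SHADOWED" | check_ssh_ufw || true   # prints a FINDING line
```

On a live system, pipe the real output into the function: `sudo ufw status | check_ssh_ufw`.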