Ubuntu OS must restrict SSH access to allow only NetIM internal communication.

Severity: medium
Group ID: V-275617
Group Title: SRG-OS-000481-GPOS-00481
Version: RIIM-OS-255010
Rule ID: SV-275617r1148290_rule
Date: 2025-10-02
STIG Version: 1
Description
Remote access to the Riverbed NetIM shell is not authorized, in order to minimize and deter remote access by system administrators to the shell, bash commands, or the root account. Although the device is not critical to the infrastructure, compromise of this device at the OS level could lead to compromise of other devices on the network.
ℹ️ Check
Verify that a firewall rule exists that restricts SSH to specific IP addresses by using the following command:

$ sudo ufw status

If a firewall rule does not exist to restrict port 22 to allow specific IP addresses and deny all other addresses, this is a finding.
✔️ Fix
Deny all other SSH connections and allow SSH connections from a specific IP address by using the following commands. Allow from NetIM core/worker(s)/manager in a base configuration with UFW allow.

$ sudo ufw deny from any to any port 22
$ sudo ufw allow from <NETIM_IP_ADDRESS node list> to any port 22

Where <NETIM_IP_ADDRESS node list> is the list of NetIM IP addresses for all nodes.

Note: This will restrict system admins to use of the CONSOLE mechanism available depending on the Virtual Platform being used.
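The Check above reads `ufw status` by eye. As an added example (not part of the STIG text), the function below applies the same criteria to that output and also tests rule order, because ufw evaluates rules top to bottom and the first match wins. The name `check_ssh_ufw`, the sample outputs and the 10.10.1.x addresses are constructed for illustration.

```sh
# Added example. Reads `ufw status` text on stdin: exit 0 = compliant, 1 = finding.
check_ssh_ufw() {
    awk -F'  +' '
        /^Status: active/ { active = 1; next }
        # Rules whose "To" column is port 22, in IPv4 or "(v6)" form.
        $1 ~ /^22(\/tcp)?( \(v6\))?$/ {
            v6 = ($1 ~ /v6/ || $3 ~ /:/)
            from_any = ($3 ~ /^Anywhere/)
            if ($2 ~ /^ALLOW/) {
                if (from_any) { why = "SSH allowed from Anywhere"; bad = 1 }
                else if (v6 ? deny6 : deny4) {
                    # First match wins, so this ALLOW can never be reached.
                    why = "ALLOW from " $3 " is shadowed by an earlier DENY"; bad = 1
                } else allow++
            } else if ($2 ~ /^(DENY|REJECT)/ && from_any) {
                if (v6) deny6 = 1; else deny4 = 1
            }
        }
        END {
            if (!active) { why = "ufw is not active"; bad = 1 }
            else if (!bad && !allow) { why = "no source-restricted ALLOW for port 22"; bad = 1 }
            else if (!bad && !deny4) { why = "no DENY from Anywhere for port 22"; bad = 1 }
            print (bad ? "FINDING: " why : "OK: port 22 limited to " allow " source(s)")
            exit bad + 0
        }'
}
# Constructed sample outputs (addresses are placeholders, not from the STIG).
sample_ordered() { cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       10.10.1.11
22                         ALLOW       10.10.1.12
22                         DENY        Anywhere
22 (v6)                    DENY        Anywhere (v6)
EOF
}
sample_shadowed() { cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         DENY        Anywhere
22                         ALLOW       10.10.1.11
EOF
}
sample_ordered  | check_ssh_ufw
sample_shadowed | check_ssh_ufw || true
```

On a live system, run `sudo ufw status | check_ssh_ufw`. If it reports a shadowed ALLOW, `sudo ufw status numbered` shows the rule positions and `sudo ufw insert 1 allow from <NETIM_IP_ADDRESS> to any port 22` places the allow ahead of the deny.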