STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide
Version: 1 Release: 1 Benchmark Date: 25 Apr 2019

AIX must terminate all SSH login sessions after 10 minutes of inactivity.

DISA Rule

SV-101545r1_rule

Vulnerability Number

V-91447

Group Title

SRG-OS-000163-GPOS-00072

Rule Version

AIX7-00-003002

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the "/etc/ssh/sshd_config" file and add or update the following lines:
ClientAliveInterval 300
ClientAliveCountMax 0

Restart the SSH daemon.
# stopsrc -s sshd
# startsrc -s sshd

Check Contents

Check the SSH daemon configuration for the "ClientAliveInterval" setting with the following command.
# grep ClientAliveInterval /etc/ssh/sshd_config
ClientAliveInterval 300

If the variable "ClientAliveInterval" is commented out or not set to "300", this is a finding.

Check the SSH daemon configuration for the "ClientAliveCountMax" setting with the following command.
# grep ClientAliveCountMax /etc/ssh/sshd_config
ClientAliveCountMax 0

If the variable "ClientAliveCountMax" is commented out or not set to "0", this is a finding.
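
The grep commands above also print commented-out and "Match"-scoped lines, which the reviewer then has to judge by eye. The following script is an added example, not part of the STIG: it reports the value sshd would actually use globally (first uncommented occurrence, keyword case ignored, stopping at the first "Match" line). The function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two values this rule requires.

# effective_value FILE KEYWORD
# Prints the first uncommented global value of KEYWORD. sshd keeps the first
# value it reads for a keyword; lines after "Match" apply only conditionally.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                 # comment or empty line
        {
            sub(/^[ \t]+/, "")
            n = split($0, f, /[ \t=]+/)         # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit            # global section ends here
            if (key == want && n >= 2) { print f[2]; exit }
        }
    ' "$1"
}

# check_ssh_idle_timeout FILE
# Exit status 0 if both settings match the rule, 1 if there is a finding.
check_ssh_idle_timeout() {
    rc=0
    for pair in ClientAliveInterval:300 ClientAliveCountMax:0; do
        key=${pair%%:*}
        required=${pair##*:}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$required" ]; then
            echo "PASS    $key $actual"
        else
            echo "FINDING $key is '${actual:-unset}', required '$required'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not from a real host): grep would show "300" twice,
# but the value in effect for ordinary sessions is 600.
write_sample_config() {
    cat > "$1" <<'EOF'
#ClientAliveInterval 300
clientaliveinterval 600
ClientAliveCountMax 0
Match User backup
    ClientAliveInterval 300
EOF
}
```

On a host, load the functions with `. ./script.sh` and run `check_ssh_idle_timeout /etc/ssh/sshd_config`; a non-zero exit status means at least one finding.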

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3491
