STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic after a period of inactivity.

DISA Rule

SV-219310r610963_rule

Vulnerability Number

V-219310

Group Title

SRG-OS-000126-GPOS-00066

Rule Version

UBTU-18-010415

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to automatically terminate inactive SSH sessions after a period of inactivity.

Modify or append the following line in the "/etc/ssh/sshd_config" file replacing "[Count]" with a value of 1:

ClientAliveCountMax 1

In order for the changes to take effect, the SSH daemon must be restarted.

# sudo systemctl restart sshd.service

Check Contents

Verify that all network connections associated with SSH traffic automatically terminate after a period of inactivity.

Check that the "ClientAliveCountMax" variable is set in the "/etc/ssh/sshd_config" file by running the following command:

# sudo grep -i clientalivecountmax /etc/ssh/sshd_config

ClientAliveCountMax 1

If "ClientAliveCountMax" is not set, or not set to "1", or is commented out, this is a finding.
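
An added example, not part of the STIG text: the grep above also prints commented-out lines, so this script reports only the active global value and applies the finding criteria to it. The function names effective_cacm and check_cacm are hypothetical, and the first-value-wins and Match-block handling are assumptions based on standard sshd_config parsing, not statements from the STIG.

```shell
#!/bin/sh
# Added example: evaluate UBTU-18-010415 against an sshd_config file.
# effective_cacm and check_cacm are hypothetical helper names.

# Print the first active, global ClientAliveCountMax value (nothing if unset).
effective_cacm() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines are inactive
        {
            line = $0
            sub(/^[ \t]+/, "", line)         # drop leading indentation
            sub(/[ \t]*=[ \t]*/, " ", line)  # accept the Keyword=value form too
            split(line, f, /[ \t]+/)
        }
        tolower(f[1]) == "match" { exit }    # Match blocks are conditional, not global
        tolower(f[1]) == "clientalivecountmax" { print f[2]; exit }  # first value wins
    ' "$1"
}

# Apply the finding criteria: unset, commented out, or not equal to 1.
check_cacm() {
    file=$1
    [ -r "$file" ] || { echo "finding: cannot read $file"; return 1; }
    value=$(effective_cacm "$file")
    if [ -z "$value" ]; then
        echo "finding: ClientAliveCountMax is not set (or only commented out)"
        return 1
    elif [ "$value" != "1" ]; then
        echo "finding: ClientAliveCountMax is $value, expected 1"
        return 1
    fi
    echo "not a finding: ClientAliveCountMax 1"
}

# Constructed sample: grep -i would match both lines, but only the second is active.
sample=$(mktemp)
printf '%s\n' '#ClientAliveCountMax 3' 'clientalivecountmax 1' > "$sample"
check_cacm "${1:-$sample}"   # pass /etc/ssh/sshd_config as $1 to check a real host
rm -f "$sample"
```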

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4055

Comments