STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-230244r627750_rule
V-230244
SRG-OS-000163-GPOS-00072
RHEL-08-010200
CAT II
10
Configure RHEL 8 to automatically terminate all network connections associated with SSH traffic at the end of a session or after 10 minutes of inactivity.
Modify or append the following lines in the "/etc/ssh/sshd_config" file to have a product value of "600" or less:
ClientAliveInterval 600
ClientAliveCountMax 0
In order for the changes to take effect, the SSH daemon must be restarted.
$ sudo systemctl restart sshd.service
Verify all network connections associated with SSH traffic are automatically terminated at the end of the session or after 10 minutes of inactivity.
Check that the "ClientAliveInterval" variable is set to a value of "600" or less and that the "ClientAliveCountMax" is set to "0" by performing the following command:
$ sudo grep -i clientalive /etc/ssh/sshd_config
ClientAliveInterval 600
ClientAliveCountMax 0
If "ClientAliveInterval" and "ClientAliveCountMax" do not exist, does not have a product value of "600" or less in "/etc/ssh/sshd_config", or is commented out, this is a finding.
V-230244
False
RHEL-08-010200
Verify all network connections associated with SSH traffic are automatically terminated at the end of the session or after 10 minutes of inactivity.
Check that the "ClientAliveInterval" variable is set to a value of "600" or less and that the "ClientAliveCountMax" is set to "0" by performing the following command:
$ sudo grep -i clientalive /etc/ssh/sshd_config
ClientAliveInterval 600
ClientAliveCountMax 0
If "ClientAliveInterval" and "ClientAliveCountMax" do not exist, does not have a product value of "600" or less in "/etc/ssh/sshd_config", or is commented out, this is a finding.
M
2921