STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.

DISA Rule

SV-234830r622137_rule

Vulnerability Number

V-234830

Group Title

SRG-OS-000163-GPOS-00072

Rule Version

SLES-15-010320

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to automatically terminate all network connections associated with SSH traffic at the end of a session or after a 10-minute period of inactivity.

Modify or append the following lines in the "/etc/ssh/sshd_config" file:

ClientAliveCountMax 0

In order for the changes to take effect, the SSH daemon must be restarted.

> sudo systemctl restart sshd.service

Check Contents

Verify that all network connections associated with SSH traffic are automatically terminated at the end of the session or after 10 minutes of inactivity.

Check that the "ClientAliveCountMax" variable is set to a value of "0" or less by performing the following command:

> sudo grep -i clientalive /etc/ssh/sshd_config

ClientAliveInterval 600

ClientAliveCountMax 0

If "ClientAliveCountMax" does not exist or "ClientAliveCountMax" is not set to a value of "0" or less in "/etc/ssh/sshd_config", or the line is commented out, this is a finding.

Vulnerability Number

V-234830

Documentable

False

Rule Version

SLES-15-010320

Severity Override Guidance

Verify that all network connections associated with SSH traffic are automatically terminated at the end of the session or after 10 minutes of inactivity.

Check that the "ClientAliveCountMax" variable is set to a value of "0" or less by performing the following command:

> sudo grep -i clientalive /etc/ssh/sshd_config

ClientAliveInterval 600

ClientAliveCountMax 0

If "ClientAliveCountMax" does not exist or "ClientAliveCountMax" is not set to a value of "0" or less in "/etc/ssh/sshd_config", or the line is commented out, this is a finding.

Check Content Reference

M

Target Key

5274

Comments