STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 6 Security Technical Implementation Guide Version: 1 Release: 24 Benchmark Date: 25 Oct 2019: The SSH daemon must set a timeout count on idle sessions.

DISA Rule

SV-50411r1_rule

Vulnerability Number

V-38610

Group Title

SRG-OS-000126

Rule Version

RHEL-06-000231

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

To ensure the SSH idle timeout occurs precisely when the "ClientAliveCountMax" is set, edit "/etc/ssh/sshd_config" as follows:

ClientAliveCountMax 0

Check Contents

To ensure the SSH idle timeout will occur when the "ClientAliveCountMax" is set, run the following command:

# grep ClientAliveCountMax /etc/ssh/sshd_config

If properly configured, output should be:

ClientAliveCountMax 0


If it is not, this is a finding.

Vulnerability Number

V-38610

Documentable

False

Rule Version

RHEL-06-000231

Severity Override Guidance

To ensure the SSH idle timeout will occur when the "ClientAliveCountMax" is set, run the following command:

# grep ClientAliveCountMax /etc/ssh/sshd_config

If properly configured, output should be:

ClientAliveCountMax 0


If it is not, this is a finding.

Check Content Reference

M

Target Key

2367

Comments