STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SSH daemon must set a timeout count on idle sessions.

DISA Rule

SV-208922r603263_rule

Vulnerability Number

V-208922

Group Title

SRG-OS-000126

Rule Version

OL6-00-000231

Severity

CAT III

CCI(s)

CCI-000879 - The organization terminates sessions and network connections when nonlocal maintenance is completed.

Weight

Fix Recommendation

To ensure the SSH idle timeout occurs precisely when the "ClientAliveCountMax" is set, edit "/etc/ssh/sshd_config" as follows:

ClientAliveCountMax 0

Check Contents

To ensure the SSH idle timeout will occur when the "ClientAliveCountMax" is set, run the following command:

# grep ClientAliveCountMax /etc/ssh/sshd_config

If properly configured, output should be:

ClientAliveCountMax 0

If it is not, this is a finding.

Vulnerability Number

V-208922

Documentable

False

Rule Version

OL6-00-000231

Severity Override Guidance

Check Content Reference

Target Key

2928

The SSH daemon must set a timeout count on idle sessions.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments