STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system must log SSH connection attempts and failures to the server.

DISA Rule

SV-217265r603262_rule

Vulnerability Number

V-217265

Group Title

SRG-OS-000032-GPOS-00013

Rule Version

SLES-12-030110

Severity

CAT II

CCI(s)

• CCI-000067 - The information system monitors remote access methods.

Weight

10

Fix Recommendation

Configure SSH to verbosely log connection attempts and failed logon attempts to the SUSE operating system.

Add or update the following line in the "/etc/ssh/sshd_config" file:

LogLevel VERBOSE


The SSH service will need to be restarted in order for the changes to take effect:

# systemctl restart sshd

Check Contents

Verify SSH is configured to verbosely log connection attempts and failed logon attempts to the SUSE operating system.

Check that the SSH daemon configuration verbosely logs connection attempts and failed logon attempts to the server with the following command:

# sudo grep -i loglevel /etc/ssh/sshd_config

The output message must contain the following text:

LogLevel VERBOSE

If "LogLevel" is not set to "VERBOSE" or "INFO", the LogLevel keyword is missing, or the line is commented out, this is a finding.

Vulnerability Number

V-217265

Documentable

False

Rule Version

SLES-12-030110

Severity Override Guidance

Verify SSH is configured to verbosely log connection attempts and failed logon attempts to the SUSE operating system.

Check that the SSH daemon configuration verbosely logs connection attempts and failed logon attempts to the server with the following command:

# sudo grep -i loglevel /etc/ssh/sshd_config

The output message must contain the following text:

LogLevel VERBOSE

If "LogLevel" is not set to "VERBOSE" or "INFO", the LogLevel keyword is missing, or the line is commented out, this is a finding.

Check Content Reference

M

Target Key

4033

Comments