STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system SSH daemon must be configured with a timeout interval.

DISA Rule

SV-217272r603262_rule

Vulnerability Number

V-217272

Group Title

SRG-OS-000126-GPOS-00066

Rule Version

SLES-12-030190

Severity

CAT II

CCI(s)

• CCI-000879 - The organization terminates sessions and network connections when nonlocal maintenance is completed.
• CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.
• CCI-002361 - The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Weight

10

Fix Recommendation

Configure the SUSE operating system SSH daemon to timeout idle sessions.

Add or modify (to match exactly) the following line in the "/etc/ssh/sshd_config" file:

ClientAliveInterval 600

The SSH daemon must be restarted in order for any changes to take effect.

Check Contents

Verify the SUSE operating system SSH daemon is configured to timeout idle sessions.

Check that the "ClientAliveInterval" parameter is set to a value of "600" with the following command:

# sudo grep -i clientalive /etc/ssh/sshd_config
ClientAliveInterval 600

If "ClientAliveInterval" is not set to "600" in "/etc/ssh/sshd_config", this is a finding.

Vulnerability Number

V-217272

Documentable

False

Rule Version

SLES-12-030190

Severity Override Guidance

Verify the SUSE operating system SSH daemon is configured to timeout idle sessions.

Check that the "ClientAliveInterval" parameter is set to a value of "600" with the following command:

# sudo grep -i clientalive /etc/ssh/sshd_config
ClientAliveInterval 600

If "ClientAliveInterval" is not set to "600" in "/etc/ssh/sshd_config", this is a finding.

Check Content Reference

M

Target Key

4033

Comments