STIGQter STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic after a period of inactivity.

DISA Rule

SV-238212r653811_rule

Vulnerability Number

V-238212

Group Title

SRG-OS-000126-GPOS-00066

Rule Version

UBTU-20-010036

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to automatically terminate inactive SSH sessions after a period of inactivity.

Modify or append the following line in the "/etc/ssh/sshd_config" file, replacing "[Count]" with a value of 1:

ClientAliveCountMax 1

Restart the SSH daemon for the changes to take effect:

$ sudo systemctl restart sshd.service

Check Contents

Verify that all network connections associated with SSH traffic automatically terminate after a period of inactivity.

Verify the "ClientAliveCountMax" variable is set in the "/etc/ssh/sshd_config" file by performing the following command:

$ sudo grep -i clientalivecountmax /etc/ssh/sshd_config

ClientAliveCountMax 1

If "ClientAliveCountMax" is not set, is not set to "1", or is commented out, this is a finding.

Vulnerability Number

V-238212

Documentable

False

Rule Version

UBTU-20-010036

Severity Override Guidance

Verify that all network connections associated with SSH traffic automatically terminate after a period of inactivity.

Verify the "ClientAliveCountMax" variable is set in the "/etc/ssh/sshd_config" file by performing the following command:

$ sudo grep -i clientalivecountmax /etc/ssh/sshd_config

ClientAliveCountMax 1

If "ClientAliveCountMax" is not set, is not set to "1", or is commented out, this is a finding.

Check Content Reference

M

Target Key

5318

Comments