Merge pull request #12091 from yuumasato/sshd_set_timeout_and_keepalive
OCPBUGS-33945: select required SSHD timeout rule
rhmdnd authored Jun 28, 2024
2 parents 0514b2f + 53fbc4f commit 62a499f
Showing 9 changed files with 69 additions and 21 deletions.
10 changes: 5 additions & 5 deletions controls/nist_rhcos4.yml
@@ -260,7 +260,7 @@ controls:
rules:
- sshd_set_idle_timeout
- var_sshd_set_keepalive=0
- sshd_set_keepalive_0
- sshd_set_keepalive
description: |-
The organization requires that users log out when [Assignment: organization-defined time-period of expected inactivity or description of when to log out].
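Review bot: the rename to sshd_set_keepalive keeps var_sshd_set_keepalive=0 on the line above it, so this control still asks for ClientAliveCountMax 0; on OpenSSH 8.2 and later a count of 0 disables the liveness disconnect entirely instead of dropping the session after the first missed probe, so confirm that sshd_set_keepalive's check and remediation treat 0 the way this control (log out after a period of inactivity) expects on the RHCOS image, or select a non-zero count for the variable.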

@@ -1405,7 +1405,7 @@ controls:
rules:
- sshd_set_idle_timeout
- var_sshd_set_keepalive=0
- sshd_set_keepalive_0
- sshd_set_keepalive
description: "The information system automatically terminates a user session after\
\ [Assignment: organization-defined conditions or trigger events requiring session\
\ disconnect].\n\nSupplemental Guidance: This control addresses the termination\
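Review bot: sshd_set_idle_timeout is selected here without pinning its timeout value, while the keepalive rule next to it gets var_sshd_set_keepalive=0 explicitly; since the control text leaves the trigger conditions as an organization-defined assignment, consider selecting the idle-timeout value variable (var_sshd_idle_timeout_value in this project) alongside the rule so the profile records the interval it enforces instead of inheriting the rule default.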
@@ -1588,7 +1588,7 @@ controls:
- configure_openssl_crypto_policy
- file_permissions_sshd_config
- var_sshd_set_keepalive=0
- sshd_set_keepalive_0
- sshd_set_keepalive
- var_system_crypto_policy=fips
- configure_crypto_policy
- sshd_set_idle_timeout
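Review bot: style point on this rule list: var_sshd_set_keepalive=0 and sshd_set_keepalive sit between file_permissions_sshd_config and the crypto-policy rules, while sshd_set_idle_timeout is listed separately after configure_crypto_policy; the other hunks in this file keep the idle-timeout and keepalive selections adjacent, and grouping them the same way here would make it obvious that the two are meant to work as a pair (ClientAliveCountMax only matters once ClientAliveInterval is set).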
@@ -5110,7 +5110,7 @@ controls:
- audit_rules_unsuccessful_file_modification_removexattr
- audit_rules_etc_gshadow_openat
- var_sshd_set_keepalive=0
- sshd_set_keepalive_0
- sshd_set_keepalive
- partition_for_var_log_audit
- auditd_data_retention_space_left
- coreos_page_poison_kernel_argument
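Review bot: in this control only the keepalive pair is touched and sshd_set_idle_timeout does not appear within the three lines of context on either side; given that the commit message says the required SSHD timeout rule is being selected, please confirm that sshd_set_idle_timeout is already present elsewhere in this rule list, because var_sshd_set_keepalive=0 and sshd_set_keepalive on their own do not enforce any inactivity limit.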
@@ -13213,7 +13213,7 @@ controls:
rules:
- sshd_set_idle_timeout
- var_sshd_set_keepalive=0
- sshd_set_keepalive_0
- sshd_set_keepalive
description: |-
The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity.
Supplemental Guidance: This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.
10 changes: 8 additions & 2 deletions tests/assertions/ocp4/rhcos4-high-4.13.yml
@@ -617,7 +617,10 @@ rule_results:
e2e-high-master-sshd-limit-user-access:
default_result: FAIL
result_after_remediation: FAIL
e2e-high-master-sshd-set-keepalive-0:
e2e-high-master-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-high-master-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-high-master-sysctl-fs-protected-hardlinks:
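Review bot: the e2e-high-master-sshd-set-idle-timeout entry is new rather than renamed, so the idle-timeout rule had no assertion at all before this change even though controls/nist_rhcos4.yml already selected it; its default_result of FAIL is consistent with the bug title (the image ships without the timeout configured), and the renamed e2e-high-master-sshd-set-keepalive keeps FAIL then PASS, which means the check must accept ClientAliveCountMax 0 after remediation. The same block is duplicated for the worker pool below and for the 4.14 through 4.16 and moderate files, so if the expected defaults ever differ per release they will need to be edited in all eight places; a short note in the PR description pointing that out would help the next person.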
@@ -1340,7 +1343,10 @@ rule_results:
e2e-high-worker-sshd-limit-user-access:
default_result: FAIL
result_after_remediation: FAIL
e2e-high-worker-sshd-set-keepalive-0:
e2e-high-worker-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-high-worker-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-high-worker-sysctl-fs-protected-hardlinks:
10 changes: 8 additions & 2 deletions tests/assertions/ocp4/rhcos4-high-4.14.yml
@@ -617,7 +617,10 @@ rule_results:
e2e-high-master-sshd-limit-user-access:
default_result: FAIL
result_after_remediation: FAIL
e2e-high-master-sshd-set-keepalive-0:
e2e-high-master-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-high-master-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-high-master-sysctl-fs-protected-hardlinks:
@@ -1340,7 +1343,10 @@ rule_results:
e2e-high-worker-sshd-limit-user-access:
default_result: FAIL
result_after_remediation: FAIL
e2e-high-worker-sshd-set-keepalive-0:
e2e-high-worker-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-high-worker-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-high-worker-sysctl-fs-protected-hardlinks:
10 changes: 8 additions & 2 deletions tests/assertions/ocp4/rhcos4-high-4.15.yml
@@ -612,7 +612,10 @@ rule_results:
result_after_remediation: PASS
e2e-high-master-sshd-limit-user-access:
default_result: FAIL
e2e-high-master-sshd-set-keepalive-0:
e2e-high-master-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-high-master-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-high-master-sysctl-fs-protected-hardlinks:
@@ -1329,7 +1332,10 @@ rule_results:
result_after_remediation: PASS
e2e-high-worker-sshd-limit-user-access:
default_result: FAIL
e2e-high-worker-sshd-set-keepalive-0:
e2e-high-worker-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-high-worker-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-high-worker-sysctl-fs-protected-hardlinks:
10 changes: 8 additions & 2 deletions tests/assertions/ocp4/rhcos4-high-4.16.yml
@@ -612,7 +612,10 @@ rule_results:
result_after_remediation: PASS
e2e-high-master-sshd-limit-user-access:
default_result: FAIL
e2e-high-master-sshd-set-keepalive-0:
e2e-high-master-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-high-master-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-high-master-sysctl-fs-protected-hardlinks:
@@ -1329,7 +1332,10 @@ rule_results:
result_after_remediation: PASS
e2e-high-worker-sshd-limit-user-access:
default_result: FAIL
e2e-high-worker-sshd-set-keepalive-0:
e2e-high-worker-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-high-worker-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-high-worker-sysctl-fs-protected-hardlinks:
10 changes: 8 additions & 2 deletions tests/assertions/ocp4/rhcos4-moderate-4.13.yml
@@ -609,7 +609,10 @@ rule_results:
result_after_remediation: PASS
e2e-moderate-master-sshd-limit-user-access:
default_result: FAIL
e2e-moderate-master-sshd-set-keepalive-0:
e2e-moderate-master-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-master-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-master-sysctl-fs-protected-hardlinks:
@@ -1323,7 +1326,10 @@ rule_results:
result_after_remediation: PASS
e2e-moderate-worker-sshd-limit-user-access:
default_result: FAIL
e2e-moderate-worker-sshd-set-keepalive-0:
e2e-moderate-worker-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-worker-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-worker-sysctl-fs-protected-hardlinks:
10 changes: 8 additions & 2 deletions tests/assertions/ocp4/rhcos4-moderate-4.14.yml
@@ -609,7 +609,10 @@ rule_results:
result_after_remediation: PASS
e2e-moderate-master-sshd-limit-user-access:
default_result: FAIL
e2e-moderate-master-sshd-set-keepalive-0:
e2e-moderate-master-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-master-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-master-sysctl-fs-protected-hardlinks:
@@ -1323,7 +1326,10 @@ rule_results:
result_after_remediation: PASS
e2e-moderate-worker-sshd-limit-user-access:
default_result: FAIL
e2e-moderate-worker-sshd-set-keepalive-0:
e2e-moderate-worker-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-worker-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-worker-sysctl-fs-protected-hardlinks:
10 changes: 8 additions & 2 deletions tests/assertions/ocp4/rhcos4-moderate-4.15.yml
@@ -609,7 +609,10 @@ rule_results:
result_after_remediation: PASS
e2e-moderate-master-sshd-limit-user-access:
default_result: FAIL
e2e-moderate-master-sshd-set-keepalive-0:
e2e-moderate-master-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-master-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-master-sysctl-fs-protected-hardlinks:
@@ -1323,7 +1326,10 @@ rule_results:
result_after_remediation: PASS
e2e-moderate-worker-sshd-limit-user-access:
default_result: FAIL
e2e-moderate-worker-sshd-set-keepalive-0:
e2e-moderate-worker-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-worker-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-worker-sysctl-fs-protected-hardlinks:
10 changes: 8 additions & 2 deletions tests/assertions/ocp4/rhcos4-moderate-4.16.yml
@@ -609,7 +609,10 @@ rule_results:
result_after_remediation: PASS
e2e-moderate-master-sshd-limit-user-access:
default_result: FAIL
e2e-moderate-master-sshd-set-keepalive-0:
e2e-moderate-master-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-master-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-master-sysctl-fs-protected-hardlinks:
@@ -1323,7 +1326,10 @@ rule_results:
result_after_remediation: PASS
e2e-moderate-worker-sshd-limit-user-access:
default_result: FAIL
e2e-moderate-worker-sshd-set-keepalive-0:
e2e-moderate-worker-sshd-set-idle-timeout:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-worker-sshd-set-keepalive:
default_result: FAIL
result_after_remediation: PASS
e2e-moderate-worker-sysctl-fs-protected-hardlinks:
