sshd_set_keepalive is misaligned with DISA STIG
#12573
Comments
mildas
added
RHEL9
|
We are out of aliment based the text "If "ClientAliveCountMax" does not exist, is not set to a value of "1" in "/etc/ssh/sshd_config", or is commented out, this is a finding." The STIG requires it to be in the main file, not drop in files See https://stigaview.com/products/rhel9/v2r2/RHEL-09-255095/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of problem:
sshd_set_keepaliveis misaligned with DISA'sxccdf_mil.disa.stig_rule_SV-257995r970703_rule.Content uses distributed config and puts it to different file than DISA expects.
For SSG, the rule passes, because it finds remediated
ClientAliveCountMax 1in/etc/ssh/sshd_config.d/00-complianceascode-hardening.confDISA fails, because it searches only for
ClientAliveCountMax 1in/etc/ssh/sshd_configfile.SCAP Security Guide Version:
latest master
Operating System Version:
RHEL 9
Actual Results:
SSG and DISA rules are misaligned.
Expected Results:
SSG is aligned with DISA.
The text was updated successfully, but these errors were encountered: