Check: AOSX-14-000050
Apple OS X 10.14 (Mojave) STIG:
AOSX-14-000050
(in versions v2 r6 through v1 r1)
Title
The macOS system must limit the number of concurrent SSH sessions to 10 for all accounts and/or account types. (Cat II impact)
Discussion
Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to DoS attacks. This requirement addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system.
Check Content
To verify that SSHD is limited to 10 sessions, use the following command: /bin/cat /etc/ssh/sshd_config | grep MaxSessions The command must return "MaxSessions 10". If it returns null, or a commented value, or the value is greater than "10", this is a finding.
Fix Text
To configure SSHD to limit the number of sessions, use the following command: /usr/bin/sudo /usr/bin/sed -i.bak 's/^[\#]*MaxSessions.*/MaxSessions 10/' /etc/ssh/sshd_config
Additional Identifiers
Rule ID: SV-209545r610285_rule
Vulnerability ID: V-209545
Group Title: SRG-OS-000027-GPOS-00008
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000054 |
The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions. |
Controls
Number | Title |
---|---|
AC-10 |
Concurrent Session Control |