Check: RHEL-06-000231
Red Hat Enterprise Linux 6 STIG:
RHEL-06-000231
(in versions v2 r2 through v1 r14)
Title
The SSH daemon must set a timeout count on idle sessions. (Cat III impact)
Discussion
This ensures a user login will be terminated as soon as the "ClientAliveCountMax" is reached.
Check Content
To ensure the SSH idle timeout will occur when the "ClientAliveCountMax" is set, run the following command:

    # grep ClientAliveCountMax /etc/ssh/sshd_config

If properly configured, output should be:

    ClientAliveCountMax 0

If it is not, this is a finding.
Fix Text
To ensure the SSH idle timeout occurs precisely when the "ClientAliveCountMax" is set, edit "/etc/ssh/sshd_config" as follows:

    ClientAliveCountMax 0
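An added example, not part of the STIG text: the grep in the check content also matches commented-out lines and does not show which of several entries sshd applies. The script below reports the first uncommented global value, which is the one sshd uses, and treats anything other than 0 as a finding. The function names and the sample file are hypothetical, and settings inside Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: audit ClientAliveCountMax in an sshd_config-style file.

# Print the effective global value, or "unset" if no active entry exists.
effective_client_alive_count_max() {
    awk '
        /^[ \t]*#/ { next }                          # ignore commented-out lines
        { line = $0; sub(/^[ \t]+/, "", line) }      # keywords may be indented
        tolower(line) ~ /^match[ \t]/ { exit }       # global section ends at first Match
        {
            n = split(line, f, /[ \t=]+/)
            # keywords are case-insensitive; the first value obtained wins
            if (n >= 2 && tolower(f[1]) == "clientalivecountmax") {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when the effective value is exactly 0, as the check requires.
check_client_alive_count_max() {
    value=$(effective_client_alive_count_max "$1")
    if [ "$value" = "0" ]; then
        echo "PASS: ClientAliveCountMax 0"
        return 0
    fi
    echo "FINDING: effective ClientAliveCountMax is $value"
    return 1
}

# Constructed sample: a plain grep prints a "ClientAliveCountMax 0" line twice,
# yet the first active entry sets the value to 3.
sample=$(mktemp)
printf '%s\n' '#ClientAliveCountMax 0' 'Port 22' \
    'clientalivecountmax 3' 'ClientAliveCountMax 0' > "$sample"
check_client_alive_count_max "$sample" || true
rm -f "$sample"
```

On a real host, pass /etc/ssh/sshd_config as the argument.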
Additional Identifiers
Rule ID: SV-217997r603264_rule
Vulnerability ID: V-217997
Group Title: SRG-OS-000126
CCIs
Number | Definition |
---|---|
CCI-000879 | The organization terminates sessions and network connections when nonlocal maintenance is completed. |
Controls
Number | Title |
---|---|
MA-4 | Nonlocal Maintenance |