Check: RHEL-08-010830
RHEL 8 STIG:
RHEL-08-010830
(in version v1 r14)
Title
RHEL 8 must not allow users to override SSH environment variables. (Cat II impact)
Discussion
SSH environment options potentially allow users to bypass access restriction in some configurations.
Check Content
Verify that unattended or automatic logon via ssh is disabled with the following command: $ sudo /usr/sbin/sshd -dd 2>&1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iH '^\s*permituserenvironment' PermitUserEnvironment no If "PermitUserEnvironment" is set to "yes", is missing completely, or is commented out, this is a finding. If conflicting results are returned, this is a finding.
Fix Text
Configure RHEL 8 to allow the SSH daemon to not allow unattended or automatic logon to the system. Add or edit the following line in the "/etc/ssh/sshd_config" file: PermitUserEnvironment no The SSH daemon must be restarted for the changes to take effect. To restart the SSH daemon, run the following command: $ sudo systemctl restart sshd.service
Additional Identifiers
Rule ID: SV-230330r951610_rule
Vulnerability ID: V-230330
Group Title: SRG-OS-000480-GPOS-00229
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |