Check: RHEL-09-255085
RHEL 9 STIG:
RHEL-09-255085
(in version v1 r1)
Title
RHEL 9 must not allow users to override SSH environment variables. (Cat II impact)
Discussion
SSH environment options potentially allow users to bypass access restriction in some configurations.
Check Content
Verify that unattended or automatic logon via SSH is disabled with the following command: $ sudo grep -i permituserenvironment /etc/ssh/sshd_config PermitUserEnvironment no If "PermitUserEnvironment" is set to "yes", is missing completely, or is commented out, this is a finding. If the required value is not set, this is a finding.
Fix Text
Configure the RHEL 9 SSH daemon to not allow unattended or automatic logon to the system. Add or edit the following line in the "/etc/ssh/sshd_config" file: PermitUserEnvironment no Restart the SSH daemon for the setting to take effect: $ sudo systemctl restart sshd.service
Additional Identifiers
Rule ID: SV-257993r925966_rule
Vulnerability ID: V-257993
Group Title: SRG-OS-000480-GPOS-00229
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |