Title

The operating system must terminate the network connection associated with a communications session at the end of the session or after 10 minutes of inactivity. (Cat III impact)

Discussion

This requirement applies to both internal and external networks. Terminating network connections associated with communications sessions means de-allocating associated TCP/IP address/port pairs at the operating system level. The time period of inactivity may, as the organization deems necessary, be a set of time periods by type of network access or for specific accesses.

Check Content

Determine if SSH is configured to disconnect sessions after 10 minutes of inactivity. # grep ClientAlive /etc/ssh/sshd_config If the output of this command is not: ClientAliveInterval 600 ClientAliveCountMax 0 this is a finding.

Fix Text

The root role is required. Configure the system to disconnect SSH sessions after 10 minutes of inactivity. Modify the sshd_config file: # pfedit /etc/ssh/sshd_config Modify or add the lines containing: ClientAliveInterval ClientAliveCountMax Change them to: ClientAliveInterval 600 ClientAliveCountMax 0 Restart the SSH service: # svcadm restart svc:/network/ssh

Additional Identifiers

Rule ID: SV-216119r603268_rule

Vulnerability ID: V-216119

Group Title: SRG-OS-000163

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.