Check: ESXI-65-000027
VMware vSphere 6.5 ESXi STIG: ESXI-65-000027 (in versions v2 r4 through v1 r1)
Title
The ESXi host SSH daemon must set a timeout interval on idle sessions. (Cat III impact)
Discussion
Causing idle users to be automatically logged out guards against compromises on one system leading trivially to compromises on another.
Check Content
From an SSH session connected to the ESXi host, or from the ESXi shell, run the following command:

# grep -i "^ClientAliveInterval" /etc/ssh/sshd_config

If there is no output or the output is not exactly "ClientAliveInterval 200", this is a finding.
Fix Text
From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in "/etc/ssh/sshd_config":

ClientAliveInterval 200
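The check and fix above as one script. This is an added example, not DISA or VMware code; the function names, the check/fix arguments and the temporary file name are assumptions. It writes the required line first because sshd uses the first value it obtains for a keyword, and a line appended after a Match block would apply only inside that block.

```shell
#!/bin/sh
# Added example (not DISA or VMware code): audit and fix ESXI-65-000027.
# Function names and the check/fix arguments are hypothetical.
REQUIRED="ClientAliveInterval 200"

# Exit 0 = compliant, 1 = finding, 2 = file missing.
check_client_alive() {
    cfg="$1"
    [ -f "$cfg" ] || return 2
    # Same grep as the STIG check; a missing, differing or duplicated
    # line means the output is not exactly the required text.
    out=$(grep -i "^ClientAliveInterval" "$cfg" || true)
    [ "$out" = "$REQUIRED" ]
}

# Rewrite the file with exactly one required line, placed first so it
# stays in global scope ahead of any Match block.
fix_client_alive() {
    cfg="$1"
    [ -f "$cfg" ] || return 2
    tmp="${cfg}.stig.$$"
    {
        printf '%s\n' "$REQUIRED"
        # Drop every existing setting of the keyword, whatever its case or value.
        grep -iv "^ClientAliveInterval" "$cfg" || true
    } > "$tmp"
    # Overwrite in place so the original file's owner and mode are kept.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# Usage: script.sh check|fix [path]  (path defaults to the file named in the STIG)
case "${1:-}" in
    check) check_client_alive "${2:-/etc/ssh/sshd_config}" ;;
    fix)   fix_client_alive "${2:-/etc/ssh/sshd_config}" ;;
esac
```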
Additional Identifiers
Rule ID: SV-207628r388482_rule
Vulnerability ID: V-207628
Group Title: SRG-OS-000480-VMM-002000
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |