Revision 1.3Mar 1, 2021
Functional Update
- 5.2.10 Ensure SSH root login is disabled
- 5.2.11 Ensure SSH PermitEmptyPasswords is disabled
- 5.2.12 Ensure SSH PermitUserEnvironment is disabled
- 5.2.13 Ensure only strong Ciphers are used - approved ciphers
- 5.2.13 Ensure only strong Ciphers are used - weak ciphers
- 5.2.14 Ensure only strong MAC algorithms are used - approved MACs
- 5.2.14 Ensure only strong MAC algorithms are used - weak MACs
- 5.2.15 Ensure only strong Key Exchange algorithms are used - approved algorithms
- 5.2.15 Ensure only strong Key Exchange algorithms are used - weak algorithms
- 5.2.16 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax
- 5.2.16 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval
- 5.2.17 Ensure SSH LoginGraceTime is set to one minute or less
- 5.2.18 Ensure SSH warning banner is configured
- 5.2.19 Ensure SSH PAM is enabled
- 5.2.21 Ensure SSH MaxStartups is configured
- 5.2.22 Ensure SSH MaxSessions is limited
- 5.2.4 Ensure SSH access is limited
- 5.2.5 Ensure SSH LogLevel is appropriate
- 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less
- 5.2.8 Ensure SSH IgnoreRhosts is enabled
- 5.2.9 Ensure SSH HostbasedAuthentication is disabled
- 5.6 Ensure access to the su command is restricted