Detections
Analytics
RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level and de-allocating networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. This does not mean that the operating system terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session.
RHEL 8 utilizes /etc/ssh/sshd_config for configurations of OpenSSH. Within the sshd_config the product of the values of 'ClientAliveInterval' and 'ClientAliveCountMax' are used to establish the inactivity threshold. The 'ClientAliveInterval' is a timeout interval in seconds after which if no data has been received from the client, sshd will send a message through the encrypted channel to request a response from the client. The 'ClientAliveCountMax' is the number of client alive messages that may be sent without sshd receiving any messages back from the client. If this threshold is met, sshd will disconnect the client. For more information on these settings and others, refer to the sshd_config man pages.
Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000126-GPOS-00066, SRG-OS-000279-GPOS-00109
Solution
Configure RHEL 8 to automatically terminate all network connections associated with SSH traffic at the end of a session or after 10 minutes of inactivity.Modify or append the following lines in the '/etc/ssh/sshd_config' file:
ClientAliveCountMax 0
In order for the changes to take effect, the SSH daemon must be restarted.
$ sudo systemctl restart sshd.service
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_8_V1R5_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 8 STIG v1r5
References: CAT|II, CCI|CCI-001133, Rule-ID|SV-230244r743934_rule, STIG-ID|RHEL-08-010200, Vuln-ID|V-230244
Plugin: Unix
Control ID: 139bf6cb5e26cc39d604a1a9c4694029b7ea4c1e31e875b2d3a0c935b5a84ef1