PHTN-30-000006 - The Photon operating system must have the sshd SyslogFacility set to 'authpriv' - authpriv.

Information

Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities.

Solution

Navigate to and open:

/etc/ssh/sshd_config

Ensure the 'SyslogFacility' line is uncommented and set to the following:

SyslogFacility AUTHPRIV

At the command line, run the following command:

# systemctl restart sshd.service

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y25M01_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(1), CAT|II, CCI|CCI-000067, Rule-ID|SV-256483r958406_rule, STIG-ID|PHTN-30-000006, Vuln-ID|V-256483

Plugin: Unix

Control ID: 7606c661dcd4197ef2f541dbdc7824040961f7eaf6865d876fc97ff12885c08e