Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-230766 | APPL-11-000053 | SV-230766r599842_rule | Medium |
| Description |
|---|
| If SSH is not being used, this is Not Applicable. The SSH daemon "LoginGraceTime" must be set correctly. To check the amount of time that a user can log on through SSH, run the following command: /usr/bin/grep ^LoginGraceTime /etc/ssh/sshd_config If the value is not set to "30" or less, this is a finding. |
| STIG | Date |
|---|---|
| Apple macOS 11 (Big Sur) Security Technical Implementation Guide | 2020-11-27 |
Details
| Check Text ( C-33711r591420_chk ) |
|---|
| The SSH daemon "LoginGraceTime" must be set correctly. To check the amount of time that a user can log on through SSH, run the following command: /usr/bin/grep ^LoginGraceTime /etc/ssh/sshd_config If the value is not set to "30" or less, this is a finding. |
| Fix Text (F-33684r591421_fix) |
|---|
| To ensure that "LoginGraceTime" is configured correctly, run the following command: /usr/bin/sudo /usr/bin/sed -i.bak 's/.*LoginGraceTime.*/LoginGraceTime 30/' /etc/ssh/sshd_config |