The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-230766 | APPL-11-000053 | SV-230766r599842_rule | Medium |
| Description |
|---|
| If SSH is not being used, this is Not Applicable. The SSH daemon "LoginGraceTime" must be set correctly. To check the amount of time that a user can log on through SSH, run the following command: /usr/bin/grep ^LoginGraceTime /etc/ssh/sshd_config If the value is not set to "30" or less, this is a finding. |
| STIG | Date |
|---|---|
| Apple macOS 11 (Big Sur) Security Technical Implementation Guide | 2021-03-29 |
Details
| Check Text ( C-33711r607185_chk ) |
|---|
| The SSH daemon "LoginGraceTime" must be set correctly. To check the amount of time that a user can log on through SSH, run the following command: /usr/bin/grep ^LoginGraceTime /etc/ssh/sshd_config If the value is not set to "30" or less, this is a finding. |
| Fix Text (F-33684r607186_fix) |
|---|
| To ensure that "LoginGraceTime" is configured correctly, run the following command: /usr/bin/sudo /usr/bin/sed -i.bak 's/.*LoginGraceTime.*/LoginGraceTime 30/' /etc/ssh/sshd_config |