Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The SSH daemon ClientAliveInterval option must be set correctly.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51347 | OSX8-00-00715 | SV-65557r1_rule | Medium |
| Description |
|---|
| This requirement applies to both internal and external networks. Terminating network connections associated with communications sessions means de-allocating associated TCP/IP address/port pairs at the operating system level. The time period of inactivity may, as the organization deems necessary, be a set of time periods by type of network access or for specific accesses. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53693r1_chk ) |
|---|
| To check which the idle timeout setting for SSH sessions, run the following: grep ClientAliveInterval /etc/sshd_config If these setting is not "600", or commented out, this is a finding. |
| Fix Text (F-56145r1_fix) |
|---|
| In order to make sure that the correct ClientAliveInterval is set correctly, run the following command: sudo sed -i.bak 's/.*ClientAliveInterval.*/ClientAliveInterval 600/' /etc/sshd_config |