Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The SSH daemon ClientAliveCountMax option must be set correctly.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51351 | OSX8-00-00720 | SV-65561r1_rule | Medium |
| Description |
|---|
| This requirement applies to both internal and external networks. Terminating network connections associated with communications sessions means de-allocating associated TCP/IP address/port pairs at the operating system level. The time period of inactivity may, as the organization deems necessary, be a set of time periods by type of network access or for specific accesses. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53695r1_chk ) |
|---|
| To ensure the SSH idle timeout will occur when the "ClientAliveCountMax" is set, run the following command: grep ClientAliveCountMax /etc/sshd_config If the setting is commented out, or not "ClientAliveCountMax 0", this is a finding. |
| Fix Text (F-56151r1_fix) |
|---|
| In order to make sure that the SSH idle timeout occurs precisely when the "ClientAliveCountMax" is set, run the following command: sudo sed -i.bak 's/.*ClientAliveCountMax.*/ClientAliveCountMax 0/' /etc/sshd_config . |