updated: Ensure SSH Idle Timeout Interval is configured
Signed-off-by: Manuel Weber <[email protected]>
mm-weber committed Nov 23, 2023
1 parent 9a5f974 commit ab4fabf
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions core/mondoo-linux-security.mql.yaml
Expand Up @@ -2485,15 +2485,15 @@ queries:
impact: 60
mql: |
sshd.config.params["ClientAliveInterval"] >= 1
sshd.config.params["ClientAliveInterval"] <= 900
sshd.config.params["ClientAliveInterval"] <= 300
sshd.config.params["ClientAliveCountMax"] = 0
docs:
desc: The two options `ClientAliveInterval` and `ClientAliveCountMax` control the timeout of ssh sessions. When the `ClientAliveInterval` variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the `ClientAliveCountMax` variable is set, `sshd` will send client alive messages at every `ClientAliveInterval` interval. When the number of consecutive client alive messages are sent with no response from the client, the `ssh` session is terminated. For example, if the `ClientAliveInterval` is set to 15 seconds and the `ClientAliveCountMax` is set to 3, the client `ssh` session will be terminated after 45 seconds of idle time.
remediation: |-
Edit the `/etc/ssh/sshd_config` file to set the `ClientAliveInterval` and `ClientAliveCountMax` parameters according to site policy:
```
ClientAliveInterval no greater than 900 seconds(15 minutes)
ClientAliveInterval no greater than 300 seconds(15 minutes)
ClientAliveCountMax 0
```
- uid: mondoo-linux-security-ssh-logingracetime-is-set-to-one-minute-or-less
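Review bot: In the remediation block, the changed line now reads `ClientAliveInterval no greater than 300 seconds(15 minutes)`, but 300 seconds is 5 minutes; the parenthetical was carried over from the 900-second value and should become `300 seconds (5 minutes)`. The `desc` text is unchanged and does not say why the upper bound in the `mql` check moved from 900 to 300, so a short note on where the new limit comes from would help anyone whose hosts start failing this check with values between 301 and 900. Separately, the remediation fence shows a sentence rather than a directive that can be pasted into `/etc/ssh/sshd_config`; a concrete line such as `ClientAliveInterval 300` next to the existing `ClientAliveCountMax 0` would be easier to apply.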