Skip to content

Guide to the Secure Configuration of Alibaba Cloud Linux 2

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable SSH Print Last Log

    Ensure that SSH will display the date and time of the last successful account logon. <br> The default SSH configuration enables print of the date a...
    Rule Medium Severity
  • Force frequent session key renegotiation

    The <code>RekeyLimit</code> parameter specifies how often the session key of the is renegotiated, both in terms of amount of data that may be trans...
    Rule Medium Severity
  • Ensure SSH LoginGraceTime is configured

    The <code>LoginGraceTime</code> parameter to the SSH server specifies the time allowed for successful authentication to the SSH server. The longer ...
    Rule Medium Severity
  • Set LogLevel to INFO

    The INFO parameter specifices that record login and logout activity will be logged. <br> The default SSH configuration sets the log level to INFO. ...
    Rule Low Severity
  • Set SSH Daemon LogLevel to VERBOSE

    The <code>VERBOSE</code> parameter configures the SSH daemon to record login and logout activity. To specify the log level in SSH, add or correct t...
    Rule Medium Severity
  • Set SSH authentication attempt limit

    The <code>MaxAuthTries</code> parameter specifies the maximum number of authentication attempts permitted per connection. Once the number of failur...
    Rule Medium Severity
  • Set SSH MaxSessions limit

    The <code>MaxSessions</code> parameter specifies the maximum number of open sessions permitted from a given connection. To set MaxSessions edit <co...
    Rule Medium Severity
  • Ensure SSH MaxStartups is configured

    The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be ...
    Rule Medium Severity
  • Use Only FIPS 140-2 Validated Ciphers

    Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The foll...
    Rule Medium Severity
  • Use Only FIPS 140-2 Validated MACs

    Limit the MACs to those hash algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-a...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules