The Red Hat Enterprise Linux operating system must not allow users to override SSH environment variables.

An XCCDF Rule

Description

<VulnDiscussion>Failure to restrict system access to authenticated users negatively impacts operating system security.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-204434r877377_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Configure the operating system to not allow users to override environment variables to the SSH daemon.

Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for "PermitUserEnvironment" keyword and set the value to "no":

PermitUserEnvironment no
The SSH service must be restarted for changes to take effect.

The Red Hat Enterprise Linux operating system must not allow users to override SSH environment variables.

Description

Remediation - Manual Procedure