The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon uses privilege separation.

An XCCDF Rule

Details
Profiles

Description

SSH daemon privilege separation causes the SSH process to drop root privileges when not needed, which would decrease the impact of software vulnerabilities in the unprivileged section.

ID: SV-204601r603261_rule
Version: RHEL-07-040460
Severity: Medium
References: CCI-000366
Updated: 5 days ago

Remediation Templates

Uncomment the "UsePrivilegeSeparation" keyword in "/etc/ssh/sshd_config" (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor) and set the value to "sandbox" or "yes":

UsePrivilegeSeparation sandbox

The SSH service must be restarted for changes to take effect.

The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon uses privilege separation.

Description

Remediation Templates

A Manual Procedure