The Photon operating system must have the sshd SyslogFacility set to "authpriv".

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256483r887123_rule
Severity: Medium
References: CCI-000067
Updated: 8 months ago

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "SyslogFacility" line is uncommented and set to the following:
SyslogFacility AUTHPRIV

At the command line, run the following command:

# systemctl restart sshd.service

The Photon operating system must have the sshd SyslogFacility set to "authpriv".

Description

Remediation - Manual Procedure