The macOS system must configure the SSH ServerAliveInterval to 900.
An XCCDF Rule
Description
<VulnDiscussion>SSH must be configured with an Active Server Alive Maximum Count set to 900. Setting the Active Server Alive Maximum Count to 900 will log users out after a 900-second interval of inactivity. NOTE: /etc/ssh/ssh_config will be automatically modified to its original state following any update or major upgrade to the operating system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-268444r1034800_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the macOS system to set the SSH ServerAliveInterval to 900 with the following command:
include_dir=$(/usr/bin/awk '/^Include/ {print $2}' /etc/ssh/ssh_config | /usr/bin/tr -d '*')
ssh_config_string=("ServerAliveInterval 900")
for ssh_config in $ssh_config_string; do