The Photon operating system must configure the Secure Shell (SSH) SyslogFacility.
An XCCDF Rule
Description
<VulnDiscussion>Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities. Shipping sshd authentication events to syslog allows organizations to use their log aggregators to correlate forensic activities among multiple systems.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-258865r933656_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Navigate to and open:
/etc/ssh/sshd_config
Ensure the "SyslogFacility" line is uncommented and set to the following: