The Photon operating system must enable Secure Shell (SSH) authentication logging.
An XCCDF Rule
Description
<VulnDiscussion>Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities. The INFO LogLevel is required, at least, to ensure the capturing of failed login events.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-258866r958406_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Navigate to and open:
/etc/ssh/sshd_config
Ensure the "LogLevel" line is uncommented and set to the following: