Skip to content

The Photon operating system must enable Secure Shell (SSH) authentication logging.

An XCCDF Rule

Description

<VulnDiscussion>Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities. The INFO LogLevel is required, at least, to ensure the capturing of failed login events.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-258866r958406_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "LogLevel" line is uncommented and set to the following: