AlmaLinux OS 9 must not allow users to override SSH environment variables.

An XCCDF Rule

Details
Profiles

Description

SSH environment options potentially allow users to bypass access restriction in some configurations.

ID: SV-269439r1050322_rule
Version: ALMA-09-043030
Severity: Medium
References: CCI-002420
Updated: about 2 months ago

Remediation Templates

To configure the system to prevent users from overriding SSH environment variables, add or modify the following line in "/etc/ssh/sshd_config":

PermitUserEnvironment no

Alternatively, add the setting to an include file if the line "Include /etc/ssh/sshd_config.d/*.conf" is found at the top of the "/etc/ssh/sshd_config" file:
$ echo "PermitUserEnvironment no" > /etc/ssh/sshd_config.d/environment.conf

Restart the SSH daemon for the settings to take effect:

$ systemctl restart sshd.service

AlmaLinux OS 9 must not allow users to override SSH environment variables.

Description

Remediation Templates

A Manual Procedure