Ensure Remote Administrative Access Is Encrypted
An XCCDF Rule
Description
Ensure that the SSH server service is enabled.
The sshd service can be enabled with the following command:
$ sudo systemctl enable sshd.service
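To confirm the result of the command above, an auditor can classify the state reported by `systemctl is-enabled` rather than trusting its exit status, which is also 0 for states such as `static` and `enabled-runtime`. This is an added example, not part of the rule or the project's own check; the function names `classify_enable_state` and `audit_sshd` are hypothetical.

```shell
#!/bin/sh
# Added example: audit whether sshd.service is persistently enabled.
# Function names are hypothetical; only `systemctl is-enabled` and
# `systemctl is-active` are real commands.

# classify_enable_state STATE
# Prints a PASS/FAIL line and returns 0 only for the "enabled" state.
classify_enable_state() {
    case "$1" in
        enabled)
            echo "PASS: persistently enabled"; return 0 ;;
        enabled-runtime)
            # Symlinks live under /run and vanish at the next reboot.
            echo "FAIL: enabled only until reboot"; return 1 ;;
        masked|masked-runtime)
            echo "FAIL: unit is masked and cannot be started"; return 1 ;;
        disabled)
            echo "FAIL: unit is disabled"; return 1 ;;
        static|indirect|alias|linked|linked-runtime|generated|transient)
            # Several of these make is-enabled exit 0 without the unit
            # being enabled for boot in its own right.
            echo "FAIL: state '$1' is not a persistent enablement"; return 1 ;;
        *)
            echo "FAIL: unit not found or unknown state '$1'"; return 1 ;;
    esac
}

# audit_sshd [UNIT]
# Live check: the unit must be persistently enabled and currently running.
audit_sshd() {
    unit="${1:-sshd.service}"
    state=$(systemctl is-enabled "$unit" 2>/dev/null) || true
    classify_enable_state "$state" || return 1
    if systemctl is-active --quiet "$unit"; then
        echo "PASS: $unit is active"
    else
        echo "FAIL: $unit is enabled but not running"; return 1
    fi
}

# Run the live audit only when asked, so sourcing the file is side-effect free.
if [ "${1:-}" = "--live" ]; then
    audit_sshd
fi
```

Run the script with `--live` on the server being assessed; a non-zero exit status means the rule is not satisfied.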
Rationale
Logging into a web server remotely using an unencrypted protocol or service
when performing updates and maintenance is a major risk. Data, such as user
account information, is transmitted in plaintext and can easily be compromised. When
performing remote administrative tasks, a protocol or service that encrypts the
communication channel must be used.
An alternative to remote administration of
the web server is to perform web server administration locally at the console.
Local administration at the console implies physical access to the server.
- ID: xccdf_org.ssgproject.content_rule_httpd_configure_remote_session_encryption
- Severity: High