Skip to content

Set SSH Daemon LogLevel to VERBOSE

An XCCDF Rule

Description

The VERBOSE parameter configures the SSH daemon to record login and logout activity. To specify the log level in SSH, add or correct the following line in /etc/ssh/sshd_config:

LogLevel VERBOSE

Rationale

SSH provides several logging levels with varying amounts of verbosity. DEBUG is specifically not recommended other than strictly for debugging SSH communications since it provides so much data that it is difficult to identify important security information. INFO or VERBOSE level is the basic level that only records login activity of SSH users. In many situations, such as Incident Response, it is important to determine when a particular user was active on a system. The logout record can eliminate those users who disconnected, which helps narrow the field.

ID
xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose
Severity
Medium
References
Updated



Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if [ -e "/etc/ssh/sshd_config" ] ; then
    
    LC_ALL=C sed -i "/^\s*LogLevel\s\+/Id" "/etc/ssh/sshd_config"

Remediation - Ansible

- name: Set SSH Daemon LogLevel to VERBOSE
  block:

  - name: Check for duplicate values
    lineinfile:
      path: /etc/ssh/sshd_config