ESXI-67-000027 – The ESXi host SSH daemon must set a timeout interval on idle sessions.

Details

Automatically logging out idle users guards against compromises via hijacked administrative sessions.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in ‘/etc/ssh/sshd_config’:

ClientAliveInterval 200

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|III
CCI|CCI-000366
CSCv6|16.4
Rule-ID|SV-239282r674775_rule
STIG-ID|ESXI-67-000027
STIG-Legacy|SV-104087
STIG-Legacy|V-94001
Vuln-ID|V-239282

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles