PHTN-67-000006 – The Photon operating system must have the sshd SyslogFacility set to ‘authpriv’ – authpriv.

Details

Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities.

Solution

Open /etc/ssh/sshd_config with a text editor.

Ensure that the ‘SyslogFacility’ line is uncommented and set to the following:

SyslogFacility AUTHPRIV

At the command line, execute the following command:

# service sshd reload

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-17(1)
CAT|II
CCI|CCI-000067
Rule-ID|SV-239078r675042_rule
STIG-ID|PHTN-67-000006
Vuln-ID|V-239078

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles