RHEL9-CIS-Audit/section_5/cis_5.1/cis_5.1.18.yml
Mark Bolwell 414f6af5e7 v2.0.0 initial
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-08-07 10:59:45 +01:00


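---
# CIS 5.1.18 | Ensure SSH MaxSessions is limited (value must be 1-10).
# Goss test template: both tests are rendered only when the level 1 profile
# and this individual rule are enabled in the vars file.
{{ if .Vars.rhel9cis_level_1 }}
  {{ if .Vars.rhel9cis_rule_5_1_18 }}
file:
  # Static check of the main sshd configuration file.
  # NOTE(review): only /etc/ssh/sshd_config is read here; settings placed in
  # drop-in files pulled in through an Include directive are not seen by this
  # test and are covered only by the live check below.
  sshd_maxsessions:
    title: 5.1.18 | Ensure SSH MaxSessions is limited
    path: /etc/ssh/sshd_config
    exists: true
    contents:
      # Must contain an uncommented MaxSessions line with a value of 1-10.
      # The value is anchored to end of line so that 100, 1000, etc. cannot
      # satisfy the check through their leading digit.
      - '/^MaxSessions\s+([1-9]|10)\s*$/'
      # Must not contain any MaxSessions line above 10: 11-19, 20-99, or any
      # number of three or more digits (including ones that contain a zero).
      - '!/^MaxSessions\s+(1[1-9]|[2-9][0-9]|[1-9][0-9]{2,})/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
        - 5.1.18
      CISv8: 4.1
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
        - CM-1
        - CM-2
        - CM-6
        - CM-7
        - IA-5
command:
  # Check of the effective value reported by the sshd binary itself.
  # NOTE(review): sshd -T is run without a -C connection spec, so values
  # overridden inside Match blocks are not evaluated - confirm whether the
  # benchmark scope requires that.
  ssh_maxsessions_live:
    title: 5.1.18 | Ensure SSH MaxSessions is limited | live
    exec: sshd -T | grep maxsessions
    # grep exits 1 when no line matches; either status is accepted here and
    # the stdout patterns below decide pass or fail.
    exit-status:
      or:
        - 0
        - 1
    stdout:
      # Same 1-10 rule as the file check, against the lowercase keyword that
      # the stdout of this command is expected to carry.
      - '/^maxsessions\s+([1-9]|10)\s*$/'
      - '!/^maxsessions\s+(1[1-9]|[2-9][0-9]|[1-9][0-9]{2,})/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
        - 5.1.18
      CISv8: 4.1
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
        - CM-1
        - CM-2
        - CM-6
        - CM-7
        - IA-5
  {{ end }}
{{ end }}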