
@dLobatog
Created December 10, 2018 14:31
{"data":[{"id":"67ee230b-b1c9-4579-b229-a7efbc2710a4","type":"rule","attributes":{"created_at":"2018-12-10T13:53:47.212Z","updated_at":"2018-12-10T13:53:47.212Z","ref_id":"xccdf_org.ssgproject.content_rule_sshd_set_keepalive","title":"Set SSH Client Alive Count","rationale":"This ensures a user login will be terminated as soon as the ClientAliveInterval\nis reached.","description":"To ensure the SSH idle timeout occurs precisely when the ClientAliveInterval is set,\nedit /etc/ssh/sshd_config as follows:\nClientAliveCountMax 0","severity":"Medium","total_systems_count":0,"affected_systems_count":0}},{"id":"5eea3eb2-6222-4ab5-8b1a-f36f67463787","type":"rule","attributes":{"created_at":"2018-12-10T13:53:47.240Z","updated_at":"2018-12-10T13:53:47.240Z","ref_id":"xccdf_org.ssgproject.content_rule_sshd_limit_user_access","title":"Limit Users' SSH Access","rationale":"Specifying which accounts are allowed SSH access into the system reduces the\npossibility of unauthorized access to the system.","description":"By default, the SSH configuration allows any user with an account\nto access the system. In order to specify the users that are allowed to login\nvia SSH and deny all other users, add or correct the following line in the\n/etc/ssh/sshd_config file:\nDenyUsers USER1 USER2\nWhere USER1 and USER2 are valid user names.","severity":"Unknown","total_systems_count":0,"affected_systems_count":1}},{"id":"eb3e1d1b-8ce3-4b4f-89d9-284872d7e0f2","type":"rule","attributes":{"created_at":"2018-12-10T13:53:47.262Z","updated_at":"2018-12-10T13:53:47.262Z","ref_id":"xccdf_org.ssgproject.content_rule_sshd_allow_only_protocol2","title":"Allow Only SSH Protocol 2","rationale":"SSH protocol version 1 is an insecure implementation of the SSH protocol and\nhas many well-known vulnerability exploits. Exploits of the SSH daemon could provide\nimmediate root access to the system.","description":"Only SSH protocol version 2 connections should be\npermitted. 
The default setting in\n/etc/ssh/sshd_config is correct, and can be\nverified by ensuring that the following\nline appears:\nProtocol 2","severity":"High","total_systems_count":0,"affected_systems_count":1}},{"id":"832aae28-c1d8-4587-ad3e-4eccaafc924d","type":"rule","attributes":{"created_at":"2018-12-10T13:53:47.284Z","updated_at":"2018-12-10T13:53:47.284Z","ref_id":"xccdf_org.ssgproject.content_rule_sshd_use_strong_macs","title":"Use Only Strong MACs","rationale":"MD5 and 96-bit MAC algorithms are considered weak and have been shown to increase\nexploitability in SSH downgrade attacks. Weak algorithms continue to have a great deal of\nattention as a weak spot that can be exploited with expanded computing power. An\nattacker that breaks the algorithm could take advantage of a MiTM position to decrypt the\nSSH tunnel and capture credentials and information","description":"Limit the MACs to strong hash algorithms.\nThe following line in /etc/ssh/sshd_config demonstrates use\nof those MACs:\nMACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160","severity":"Medium","total_systems_count":0,"affected_systems_count":1}},{"id":"a1b1d802-8334-4a76-aeb7-a6724db109c0","type":"rule","attributes":{"created_at":"2018-12-10T13:53:47.307Z","updated_at":"2018-12-10T13:53:47.307Z","ref_id":"xccdf_org.ssgproject.content_rule_sshd_enable_strictmodes","title":"Enable Use of Strict Mode Checking","rationale":"If other users have access to modify user-specific SSH configuration files, they\nmay be able to log into the system as another user.","description":"SSHs StrictModes option checks file and ownership permissions in\nthe user's home directory .ssh folder before accepting login. If world-\nwritable permissions are found, logon is rejected. 
To enable StrictModes in SSH,\nadd or correct the following line in the /etc/ssh/sshd_config file:\nStrictModes yes","severity":"Medium","total_systems_count":0,"affected_systems_count":1}},{"id":"6f942175-7d63-4d83-afaf-6a143c17d4f0","type":"rule","attributes":{"created_at":"2018-12-10T13:53:47.331Z
