漏洞描述
Missing an SSH idle timeout interval can lead to security risks by allowing unattended sessions to remain open, increasing the chance of unauthorized access or session hijacking.
file-idle-timeout-interval: Set SSH Idle Timeout Interval
PoC代码[已公开]
id: file-idle-timeout-interval
info:
name: Set SSH Idle Timeout Interval
author: pussycat0x
severity: unknown
description: |
Missing an SSH idle timeout interval can lead to security risks by allowing unattended sessions to remain open, increasing the chance of unauthorized access or session hijacking.
remediation: |
Set ClientAliveInterval 300 and ClientAliveCountMax 0 in /etc/ssh/sshd_config to enforce an idle timeout and restart the SSH service.
reference:
- https://vishalraj82.medium.com/hardening-openssh-security-37f5d634015f
- https://support.forcepoint.com/s/article/000015900
metadata:
verified: true
tags: audit,config,file,ssh
file:
- extensions:
- all
matchers-condition: and
matchers:
- type: word
words:
- "# This is the sshd server system-wide configuration file"
- type: word
words:
- "ClientAliveInterval"
- "ClientAliveCountMax"
condition: or
negative: true
# digest: 4a0a00473045022015133b4487142ff83a65980780210a8b78377c08d5939d117b528ec49b78f98b022100d2edb3ca543c655c9bd84f3888309b4a20c40557074dd405bcea1df996c843a2:922c64590222798bb761d5b6d8e72950