Set SSH Idle Timeout Interval
ID: file-idle-timeout-interval
Severity: unknown
Author: pussycat0x
Tags: audit,config,file,ssh
Description
Section titled “Description”Missing an SSH idle timeout interval can lead to security risks by allowing unattended sessions to remain open, increasing the chance of unauthorized access or session hijacking.
YAML Source
Section titled “YAML Source”id: file-idle-timeout-interval
info: name: Set SSH Idle Timeout Interval author: pussycat0x severity: unknown description: | Missing an SSH idle timeout interval can lead to security risks by allowing unattended sessions to remain open, increasing the chance of unauthorized access or session hijacking. remediation: | Set ClientAliveInterval 300 and ClientAliveCountMax 0 in /etc/ssh/sshd_config to enforce an idle timeout and restart the SSH service. reference: - https://vishalraj82.medium.com/hardening-openssh-security-37f5d634015f - https://support.forcepoint.com/s/article/000015900 metadata: verified: true tags: audit,config,file,ssh
file: - extensions: - all
matchers-condition: and matchers: - type: word words: - "# This is the sshd server system-wide configuration file"
- type: word words: - "ClientAliveInterval" - "ClientAliveCountMax" condition: or negative: true# digest: 4a0a00473045022015133b4487142ff83a65980780210a8b78377c08d5939d117b528ec49b78f98b022100d2edb3ca543c655c9bd84f3888309b4a20c40557074dd405bcea1df996c843a2:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "file/audit/ssh/file-idle-timeout-Interval.yaml"