PHTN-67-000006 - The Photon operating system must have the sshd SyslogFacility set to 'authpriv' - authpriv.

Information

Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities.

Solution

Open /etc/ssh/sshd_config with a text editor.

Ensure that the 'SyslogFacility' line is uncommented and set to the following:

SyslogFacility AUTHPRIV

At the command line, execute the following command:

# service sshd reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M04_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(1), CAT|II, CCI|CCI-000067, Rule-ID|SV-239078r675042_rule, STIG-ID|PHTN-67-000006, Vuln-ID|V-239078

Plugin: Unix

Control ID: 058032a387b091ad0865480050b46560581921a5eac09eb3eb3e0e5802a3c24c