Detections
Analytics
PHTN-67-000006 - The Photon operating system must have the sshd SyslogFacility set to 'authpriv' - authpriv.
Information
Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities.Solution
Open /etc/ssh/sshd_config with a text editor.Ensure that the 'SyslogFacility' line is uncommented and set to the following:
SyslogFacility AUTHPRIV
At the command line, execute the following command:
# service sshd reload
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 6.7 Photon OS v1r6
Category: ACCESS CONTROL
References: 800-53|AC-17(1), CAT|II, CCI|CCI-000067, Rule-ID|SV-239078r675042_rule, STIG-ID|PHTN-67-000006, Vuln-ID|V-239078
Plugin: Unix
Control ID: 11dfc2fe963a5af786962186e57a3b794b1d84c4866e81b64eee2647e16145b8