RHEL 10 must be configured so that Secure Shell (SSH) server configuration files' permissions are not modified.

STIG ID: RHEL-10-700590  |  SRG: SRG-OS-000080-GPOS-00048 |  Severity: medium (CAT II)  |  CCI: CCI-000213 |  Vulnerability Id: V-281262

Vulnerability Discussion

Service configuration files enable or disable features of their respective services, which if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configuration files must be owned by the correct group to prevent unauthorized changes.

OpenSSH uses the first occurrence of a keyword it sees, and drop-in files are read in lexicographical order at the start of the configuration. Red Hat recommends using drop-in files rather than changing base configuration files.

Check

Verify RHEL 10 is configured so that SSH server configuration files' permissions are not modified.

Check the permissions of the "/etc/ssh/sshd_config" file with the following command:

$ sudo rpm --verify openssh-server | awk '! ($2 == "c" && $1 ~ /^.\..\.\.\.\..\./) {print $0}'

If the command returns any output, this is a finding.

Fix

Configure RHEL 10 so that SSH server configuration files' permissions are not modified.

Run the following commands to restore the correct permissions of OpenSSH server configuration files:

$ sudo rpm --setugids openssh-server
$ sudo rpm --setperms openssh-server
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.