CCE-95410-7| Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
Description
The parameter specifies the maximum number of open sessions permitted from a given connection.
Rationale
To protect a system from denial of service due to a large number of concurrent sessions, use the rate limiting function of MaxSessions to protect availability of sshd logins and prevent overwhelming the daemon.
Audit
Run the following command to ensure MaxSessions is configured appropriately
grep -ir 'MaxSessions' /etc/ssh/sshd_config
Remediation
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
MaxSessions 10
Parameter:
[10]
Technical Mechanism:
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
MaxSessions 10
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 3.1 | Attack Vector: NETWORK |
| Exploit Score: 1.6 | Attack Complexity: HIGH |
| Impact Score: 1.4 | Privileges Required: LOW |
| Severity: LOW | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L | Scope: UNCHANGED |
| | Confidentiality: NONE |
| | Integrity: NONE |
| | Availability: LOW |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:71953 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72962 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72319 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72857 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84193 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72750 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68562 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72647 |
