CCE-95411-5| Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
Description
The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon.
Rationale
To protect a system from denial of service due to a large number of pending authentication connection attempts, use the rate limiting function of MaxStartups to protect availability of sshd logins and prevent overwhelming the daemon.
Audit
Run the following command to ensure MaxSessions is configured appropriately
grep -ir 'MaxStartups' /etc/ssh/sshd_config
Remediation
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
maxstartups 10:30:60
Parameter:
[10:30:60]
Technical Mechanism:
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
maxstartups 10:30:60
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 3.1 | Attack Vector: NETWORK |
| Exploit Score: 1.6 | Attack Complexity: HIGH |
| Impact Score: 1.4 | Privileges Required: LOW |
| Severity: LOW | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L | Scope: UNCHANGED |
| | Confidentiality: NONE |
| | Integrity: NONE |
| | Availability: LOW |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72963 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72858 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:71958 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72751 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72324 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72648 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68563 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84198 |
