diff --git a/core/mondoo-linux-security.mql.yaml b/core/mondoo-linux-security.mql.yaml index aa7baef0..18e516b7 100644 --- a/core/mondoo-linux-security.mql.yaml +++ b/core/mondoo-linux-security.mql.yaml @@ -2690,9 +2690,19 @@ queries: title: Ensure SSH Idle Timeout Interval is configured impact: 60 mql: | - sshd.config.params["ClientAliveInterval"] >= 1 - sshd.config.params["ClientAliveInterval"] <= 300 - sshd.config.params["ClientAliveCountMax"] = 0 + defaultBlock = sshd.config.blocks.where(criteria.in([""]) == props.checkDefaultMatchBlock && criteria == ""); + + userBlocks = sshd.config.blocks.where(criteria.contains(props.excludedMatchBlocks) == false && criteria != ""); + + userBlocks.all(params.ClientAliveInterval >= 1) + userBlocks.all(params.ClientAliveInterval <= 900) + userBlocks.all(params.ClientAliveCountMax > 0) + userBlocks.all(params.ClientAliveCountMax <= 3) + + defaultBlock.all(params.ClientAliveInterval >= 1) + defaultBlock.all(params.ClientAliveInterval <= 900) + defaultBlock.all(params.ClientAliveCountMax > 0) + defaultBlock.all(params.ClientAliveCountMax <= 3) docs: desc: The two options `ClientAliveInterval` and `ClientAliveCountMax` control the timeout of ssh sessions. When the `ClientAliveInterval` variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the `ClientAliveCountMax` variable is set, `sshd` will send client alive messages at every `ClientAliveInterval` interval. When the number of consecutive client alive messages are sent with no response from the client, the `ssh` session is terminated. For example, if the `ClientAliveInterval` is set to 15 seconds and the `ClientAliveCountMax` is set to 3, the client `ssh` session will be terminated after 45 seconds of idle time. remediation: |- 
@@ -2700,7 +2710,7 @@ queries: ``` ClientAliveInterval 300 - ClientAliveCountMax 0 + ClientAliveCountMax 3 ``` - uid: mondoo-linux-security-ssh-logingracetime-is-set-to-one-minute-or-less title: Ensure SSH LoginGraceTime is set to one minute or less
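Review bot: In the first hunk (the `mql` block), the `defaultBlock` selector `criteria.in([""]) == props.checkDefaultMatchBlock && criteria == ""` folds the on/off switch into the filter. When `props.checkDefaultMatchBlock` is false the list is empty, and the four `defaultBlock.all(...)` assertions pass vacuously with nothing to show that the global section was skipped. If that is the intended toggle, separate it from the `criteria == ""` test and add a comment saying so. The same vacuous pass applies to `userBlocks` when every Match block is filtered out by `props.excludedMatchBlocks`. Neither prop's declaration is visible in this hunk, so confirm both are defined with defaults for this query. Separately, the limits are asserted per parameter only: `ClientAliveInterval <= 900` together with `ClientAliveCountMax <= 3` accepts an effective idle timeout of 2700 seconds by the description's own interval-times-count arithmetic. Consider bounding the product, or documenting why 900 and 3 were chosen.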
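Review bot: In the second hunk (the remediation example), `ClientAliveInterval 300` with `ClientAliveCountMax 3` works out to a 900 second idle timeout under the description's arithmetic, while the updated query accepts any interval from 1 to 900 and any count from 1 to 3. The remediation text should state those accepted ranges and the resulting timeout, so the example is not read as the only passing configuration or as a 300 second timeout.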