Ubuntu 24.04 5.1.8 Ensure sshd DisableForwarding is enabled

ComplianceAsCode · Dec 13, 2024 · 04b21cd · 04b21cd
1 parent 5add21d
commit 04b21cd
Showing 1 changed file with 4 additions and 30 deletions.
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_forwarding/rule.yml
@@ -3,44 +3,18 @@ documentation_complete: true
 title: 'Disable SSH Forwarding'
 
 description: |-
-    The DisableForwarding parameter disables all forwarding features, including X11,
-    ssh-agent(1), TCP and StreamLocal. This option overrides all other forwarding-related
-    options and may simplify restricted configurations.
-    - X11Forwarding provides the ability to tunnel X11 traffic through the connection to
-      enable remote graphic connections.
-    - ssh-agent is a program to hold private keys used for public key authentication.
-      Through use of environment variables the agent can be located and
-      automatically used for authentication when logging in to other machines using
-      ssh.
-    - SSH port forwarding is a mechanism in SSH for tunneling application ports from
-      the client to the server, or servers to clients. It can be used for adding encryption
-      to legacy applications, going through firewalls, and some system administrators
-      and IT professionals use it for opening backdoors into the internal network from
-      their home machines.
+    The DisableForwarding parameter disables all forwarding features, 
 
 rationale: |-
-    Disable X11 forwarding unless there is an operational requirement to use X11
-    applications directly. There is a small risk that the remote X11 servers of users who are
-    logged in via SSH with X11 forwarding could be compromised by other users on the
-    X11 server. Note that even if X11 forwarding is disabled, users can always install their
-    own forwarders.
-
-    Anyone with root privilege on the the intermediate server can make free use of ssh-
-    agent to authenticate them to other servers
-
-    Leaving port forwarding enabled can expose the organization to security risks and
-    backdoors. SSH connections are protected with strong encryption. This makes their
-    contents invisible to most deployed network monitoring and traffic filtering solutions.
-    This invisibility carries considerable risk potential if it is used for malicious purposes
-    such as data exfiltration. Cybercriminals or malware could exploit SSH to hide their
-    unauthorized communications, or to exfiltrate stolen data from the target network.
+    Disable ssh forwarding unless there is an operational requirement to use it. 
+    Leaving port forwarding enabled can expose the organization to security risks.
 
 severity: medium
 
 ocil_clause: "The DisableForwarding option exists and is yes"
 
 ocil: |-
-    {{{ ocil_sshd_option(default="yes", option="DisableForwarding", value="yeso") }}}
+    {{{ ocil_sshd_option(default="yes", option="DisableForwarding", value="yes") }}}
 
 template:
     name: sshd_lineinfile