Skip to content

0023-sshd-sshd File Modification Check

Rule ID

  • 0023-sshd

Category

  • System

Severity

  • Warn

Compatible Versions

  • Linux

Description

  • Monitor whether the sshd configuration file has been modified.

Scan Frequency

  • Disabled

Theoretical Basis

  • In Linux system operations, it is often necessary to connect to other hosts. The service for connecting to other hosts is openssh-server, which allows remote hosts to access the sshd service via the network. If the sshd configuration file has been modified, it may have been maliciously altered.

Risk Items

  • Hacker penetration
  • Data leakage
  • Network security
  • Mining risk
  • Botnet risk

Audit Method

  • Verify if the host's sshd configuration file has been modified. You can run the following command to check: 
    ll /etc/ssh/sshd_config

Remediation

  • If the sshd configuration file has been modified, carefully inspect the host environment to determine if it has been compromised and change the host user passwords.

Impact

  • None

Default Value

  • None

References

  • None

CIS Controls

  • None

Feedback

Is this page helpful? ×