
V-281262

CAT II (Medium)

RHEL 10 must be configured so that Secure Shell (SSH) server configuration files' permissions are not modified.

Rule ID

SV-281262r1184762_rule

STIG

Red Hat Enterprise Linux 10 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000213

Discussion

Service configuration files enable or disable features of their respective services, which if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configuration files must be owned by the correct group to prevent unauthorized changes. OpenSSH uses the first occurrence of a keyword it sees, and drop-in files are read in lexicographical order at the start of the configuration. Red Hat recommends using drop-in files rather than changing base configuration files.

Check Content

Verify RHEL 10 is configured so that SSH server configuration files' permissions are not modified.

Check the permissions of the "/etc/ssh/sshd_config" file with the following command:

$ sudo rpm --verify openssh-server | awk '! ($2 == "c" && $1 ~ /^.\..\.\.\.\..\./) {print $0}'

If the command returns any output, this is a finding.
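
The awk filter in the check command is terse. As an added example (not part of the STIG text), the script below applies the same exemption to constructed `rpm --verify` lines and names the attributes that differ on each line that would be a finding. The function names, sample paths and flag strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the STIG text. Names and sample data are assumptions.

# Constructed sample of `rpm --verify openssh-server` output (not from a real host).
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.M.......  c /etc/ssh/sshd_config.d/99-example.conf
.....UG..    /usr/sbin/sshd
missing   c /etc/pam.d/sshd
EOF
}

# Read `rpm --verify` lines on stdin, apply the same exemption as the check
# command, and print "<path>: <attributes that differ>" for every finding.
explain_verify() {
    awk '
    BEGIN {
        # Meaning of each position in the 9-character flag string (SM5DLUGTP).
        split("size mode digest device symlink user group mtime capabilities", name, " ")
    }
    # Exempt: a config file ("c") whose mode, device, symlink, user, group and
    # capabilities are unchanged; size, digest and mtime may differ.
    ($2 == "c" && $1 ~ /^.\..\.\.\.\..\./) { next }
    {
        path = $NF
        if ($1 == "missing") { print path ": missing"; next }
        out = ""
        for (i = 1; i <= 9; i++)
            if (substr($1, i, 1) != ".")
                out = out (out == "" ? "" : ",") name[i]
        print path ": " out
    }'
}

# On a RHEL host the input would be: sudo rpm --verify openssh-server | explain_verify
sample_verify_output | explain_verify
```

The edited-content line for "/etc/ssh/sshd_config" is exempt and produces no output, while the mode change, the ownership change on a non-config file and the missing file are each reported.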

Fix Text

Configure RHEL 10 so that SSH server configuration files' permissions are not modified.

Run the following commands to restore the correct permissions of OpenSSH server configuration files:

$ sudo rpm --setugids openssh-server
$ sudo rpm --setperms openssh-server