metadata/service/server/cis/cis-5-2-6.yml - salt-formulas/openssh - Gitiles

 # 5.2.6 Ensure SSH IgnoreRhosts is enabled (Scored)
 #
 # Profile Applicability
 # ---------------------
 # - Level 1 - Server
 # - Level 1 - Workstation
 #
 # Description
 # -----------
 # The IgnoreRhosts parameter specifies that .rhosts and .shosts files will not be used in
 # RhostsRSAAuthentication or HostbasedAuthentication .
 #
 # Rationale
 # ---------
 # Setting this parameter forces users to enter a password when authenticating with ssh.
 #
 # Audit
 # -----
 # Run the following command and verify that output matches:
 #
 #   # grep "^IgnoreRhosts" /etc/ssh/sshd_config
 #   IgnoreRhosts yes
 #
 # Remediation
 # -----------
 # Edit the /etc/ssh/sshd_config file to set the parameter as follows:
 #
 #   IgnoreRhosts yes

 parameter:
   openssh:
     server:
       ignore_rhosts: True
	# 5.2.6 Ensure SSH IgnoreRhosts is enabled (Scored)
	#
	# Profile Applicability
	# ---------------------
	# - Level 1 - Server
	# - Level 1 - Workstation
	#
	# Description
	# -----------
	# The IgnoreRhosts parameter specifies that .rhosts and .shosts files will not be used in
	# RhostsRSAAuthentication or HostbasedAuthentication .
	#
	# Rationale
	# ---------
	# Setting this parameter forces users to enter a password when authenticating with ssh.
	#
	# Audit
	# -----
	# Run the following command and verify that output matches:
	#
	# # grep "^IgnoreRhosts" /etc/ssh/sshd_config
	# IgnoreRhosts yes
	#
	# Remediation
	# -----------
	# Edit the /etc/ssh/sshd_config file to set the parameter as follows:
	#
	# IgnoreRhosts yes

	parameter:
	openssh:
	server:
	ignore_rhosts: True