Major Hayden dccce1d5cc
Handle RHEL 7 STIG renumbering
This patch gets the docs adjusted to work with the new RHEL 7 STIG
version 1 release. The new STIG release has changed all of the
numbering, but it maintains a link to (most) of the old STIG IDs in
the XML.

Closes-bug: 1676865
Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
2017-04-04 07:22:12 -05:00


---
id: V-72265
status: implemented
tag: sshd
---

The UsePrivilegeSeparation option is set to sandbox in /etc/ssh/sshd_config, and sshd is restarted.

Deployers can opt out of this change by setting the following Ansible variable:

security_sshd_enable_privilege_separation: no

Note

Although the STIG requires this setting to be yes, the sandbox setting actually provides more security because it enables privilege separation during the early authentication process.
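
The following audit check is an added example, not part of the role or of the original documentation. It reads sshd_config text and reports the effective UsePrivilegeSeparation value, including the case where an earlier line shadows a later sandbox line, because sshd uses the first value it obtains for a keyword. The function names, status labels and sample file are assumptions made for illustration.

```python
import re

# Values this page treats as acceptable: "sandbox" is what the role writes,
# "yes" is the literal STIG requirement for V-72265. Labels are hypothetical.
STATUS = {"sandbox": "hardened", "yes": "stig-literal", "no": "noncompliant"}


def privsep_values(config_text):
    """Return every global UsePrivilegeSeparation value, in file order."""
    values = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        if keyword == "match":
            break  # the global section ends at the first Match block
        if keyword == "useprivilegeseparation" and len(parts) > 1:
            values.append(parts[1].strip().strip('"').lower())
    return values


def audit_privsep(config_text):
    """Return (effective_value, status, shadowed_values)."""
    values = privsep_values(config_text)
    if not values:
        return (None, "unset", [])
    effective = values[0]  # sshd uses the first value it obtains
    return (effective, STATUS.get(effective, "invalid"), values[1:])


# Constructed sample: an earlier "no" shadows the sandbox line added later.
SHADOWED = """\
# constructed sample sshd_config
Port 22
useprivilegeseparation = no
PermitRootLogin no
UsePrivilegeSeparation sandbox
Match User backup
    X11Forwarding no
"""

if __name__ == "__main__":
    print(audit_privsep(SHADOWED))
    print(audit_privsep("UsePrivilegeSeparation sandbox\n"))
```

On a live host, `sshd -T` prints the configuration sshd actually resolves and is the authoritative check; this parser covers the offline case where only the file is available.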