ansible-lockdown / RHEL9-CIS

Ansible role for Red Hat 9 CIS Baseline
https://ansible-lockdown.readthedocs.io
MIT License

CIS FAIL: Wrong value for CountMax #170

Closed. ipruteanu-sie closed this issue 2 months ago.

ipruteanu-sie commented 7 months ago

Describe the Issue

RULE 5.2.20: Ensure no file named /etc/ssh/sshd_config exists and matches pattern ^(?i)\h*ClientAliveCountMax\h+0\b. However, we're using 0 as the configured value.

Expected Behavior

CIS PASS:

"02/06/2024 18:12:07","ip-172-31-42-172.eu-west-1.compute.internal","N/A","N/A","1.0.0","#scap_org.cisecurity_comp_1.0.0_CIS_Red_Hat_Enterprise_Linux_9_Benchmark-xccdf","CIS Red Hat Enterprise Linux 9 Benchmark","xccdf_org.cisecurity.benchmarks_benchmark_1.0.0_CIS_Red_Hat_Enterprise_Linux_9_Benchmark","Level 2 - Server","xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server","xccdf_org.cisecurity.benchmarks_rule_5.2.20_Ensure_SSH_Idle_Timeout_Interval_is_configured","5.2.20","Ensure SSH Idle Timeout Interval is configured","pass","https://man.openbsd.org/sshd_config"

Actual Behavior

Script: sce/sshd_running_config.sh
Result: Fail
Exit Value: 102
Output:

- Audit Result: ** FAIL **
- Reason(s) for audit failure:
- check sshd parameter: "clientalivecountmax 0"


Control(s) Affected

5.2.20

Environment (please complete the following information):

Additional Notes

Anything additional goes here

Possible Solution

PR
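The audit behind this failure has two halves: the effective configuration (`sshd -T`) must report `clientalivecountmax` greater than 0, and no configuration file may contain a line matching `^(?i)\h*ClientAliveCountMax\h+0\b`, which is exactly what `clientalivecountmax 0` trips. The script below is an added, stand-alone reproduction of that check written for this page; it is not the RHEL9-CIS role's code nor the CIS `sce/sshd_running_config.sh` script. It assumes, following the benchmark's audit text, that `clientaliveinterval` must also be greater than 0; the function names and the sample `sshd -T` / `sshd_config` text are constructed for the example. Because BSD and busybox `grep` lack `-P`, the PCRE pattern is translated to a POSIX ERE in which a trailing group stands in for `\b`.

```shell
#!/usr/bin/env bash
# Added example (not the RHEL9-CIS role's code or the CIS SCE script):
# reproduce the two halves of the CIS 5.2.20 audit in plain shell.
#
#   1. Running config: parse `sshd -T` output and require that both
#      clientaliveinterval and clientalivecountmax are present and > 0
#      (the interval half is an assumption taken from the benchmark text).
#   2. On-disk config: flag any line matching the benchmark's pattern
#      ^(?i)\h*ClientAliveCountMax\h+0\b, translated to POSIX ERE.
#
# The inputs are constructed sample text so the script runs offline;
# in practice pass "$(sshd -T)" and "$(cat /etc/ssh/sshd_config)".

# Constructed sample of `sshd -T` output with the value from the issue.
SAMPLE_RUNNING='port 22
clientaliveinterval 15
clientalivecountmax 0
permitrootlogin no'

# Same sample after remediation (3 missed keepalives end the session).
FIXED_RUNNING='port 22
clientaliveinterval 15
clientalivecountmax 3
permitrootlogin no'

# Constructed sample of sshd_config text; the indentation and mixed case
# are deliberate, the pattern must still catch the line.
SAMPLE_CONFIG='# managed by the role
ClientAliveInterval 15
  clientalivecountmax 0'

FIXED_CONFIG='# managed by the role
ClientAliveInterval 15
ClientAliveCountMax 3
#ClientAliveCountMax 0   commented out, must not be flagged'

# check_running_config "<sshd -T output>"
# Returns 0 only if both keywords are present with a value greater than 0.
check_running_config() {
  local running="$1" name value rc=0 seen_interval=0 seen_countmax=0
  # heredoc instead of a pipe so the counters survive (no subshell)
  while read -r name value; do
    case "$name" in
      clientaliveinterval)
        seen_interval=1
        [ "$value" -gt 0 ] 2>/dev/null || rc=1 ;;
      clientalivecountmax)
        seen_countmax=1
        [ "$value" -gt 0 ] 2>/dev/null || rc=1 ;;
    esac
  done <<EOF
$running
EOF
  [ "$seen_interval" -eq 1 ] && [ "$seen_countmax" -eq 1 ] || rc=1
  return "$rc"
}

# check_config_text "<sshd_config contents>"
# Returns 0 if no uncommented line sets ClientAliveCountMax to 0.
# ERE form of ^(?i)\h*ClientAliveCountMax\h+0\b: the final group plays
# the role of \b (end of line, or a non-word character after the 0).
check_config_text() {
  if printf '%s\n' "$1" \
     | grep -Eiq '^[[:blank:]]*clientalivecountmax[[:blank:]]+0([^[:alnum:]_]|$)'; then
    return 1
  fi
  return 0
}

# audit_5_2_20 "<sshd -T output>" "<sshd_config contents>"
# Prints PASS or FAIL on stdout, reasons on stderr, like the SCE result.
audit_5_2_20() {
  local result=PASS
  check_running_config "$1" || { result=FAIL; echo "  running config: clientalive* not both > 0" >&2; }
  check_config_text "$2"   || { result=FAIL; echo "  config file: ClientAliveCountMax 0 present" >&2; }
  echo "$result"
}

echo "as reported: $(audit_5_2_20 "$SAMPLE_RUNNING" "$SAMPLE_CONFIG")"
echo "after fix:   $(audit_5_2_20 "$FIXED_RUNNING" "$FIXED_CONFIG")"
```

Run as-is it reports FAIL for the configuration described in the issue and PASS once `ClientAliveCountMax` is raised above 0; the commented-out line in the fixed sample is left alone because the pattern is anchored at the start of the line after optional blanks only.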

uk-bolly commented 2 months ago

hi @ipruteanu-sie

This issue has been merged to devel and into the main branch. I will therefore close this issue. Please feel free to reopen if you feel it's not as expected.

Many thanks again for your time

uk-bolly