{"description": "Make sure to have the Include /etc/ssh/sshd_config.d/*.conf line in the /etc/ssh/sshd_config file.\nIdeally, don't have any active configuration directives in that file, and distribute the service configuration\nto several files in the /etc/ssh/sshd_config.d directory.", "rationale": "This form of distributed configuration is considered as a good practice, and as other sshd rules assume that directives in files in the /etc/ssh/sshd_config.d config directory are effective, there has to be a rule that ensures this.\nAside from that, having multiple configuration files makes the SSH Server configuration changes easier to partition according to the reason that they were introduced, and therefore it should help to perform merges of hardening updates.", "severity": "medium", "references": {"hipaa": ["164.312(a)"], "ospp": ["FCS_SSH_EXT.1"], "ism": ["1409"]}, "control_references": {"ism": ["1409"]}, "components": [], "identifiers": {}, "ocil_clause": "you don't include other configuration files from the main configuration file", "ocil": "To determine whether the SSH server includes configuration files from the right directory, run the following command:\n$ sudo grep -i '^Include' /etc/ssh/sshd_config
\nIf a line Include /etc/ssh/sshd_config.d/*.conf is returned, then the configuration file inclusion is set correctly.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Distribute the SSH Server configuration to multiple files in a config directory.", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ssh/ssh_server/sshd_use_directory_configuration/rule.yml", "template": null}