id: file-limit-ssh-users-access

info:
  name: Limit SSH Users Access
  author: pussycat0x
  severity: unknown
  description: |
    Restricting SSH user access improves security by allowing only authorized users to connect, reducing the risk of unauthorized logins and potential attacks.
  remediation: |
    Restrict SSH access by configuring AllowUsers or AllowGroups in /etc/ssh/sshd_config and restart the SSH service.
  reference:
    - https://vishalraj82.medium.com/hardening-openssh-security-37f5d634015f
    - https://cloud.ibm.com/docs/ssh-keys?topic=ssh-keys-granting-ssh-access-to-a-user
  metadata:
    verified: true
  tags: audit,config,file,ssh

file:
  - extensions:
      - all

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "# This is the sshd server system-wide configuration file"

      - type: word
        words:
          - "AllowUsers"
        negative: true
# digest: 4a0a00473045022100d4653c20bd62d6002b435d4eabe0d4c380a9995ffd37827139cd2f705abee49202205e31667183e2c8327613b0c8875101d12ee7827b5189f13ada6b246087fd81c8:922c64590222798bb761d5b6d8e72950