Secure Shell Server (sshd) Execution
No violationsstackroxhighruntimeDetects container running the SSH daemon
- Rationale
- The secure shell server allows shell access to a container, which can be dangerous.
- Remediation
- If ssh is absolutely required, ensure that it is not using default authentication. Otherwise, consider removing it from the container altogether.
CategoriesDocker CISNetwork Tools
Compliance mappingsView coverage →
- DORA EU 2022/2554
- Art. 9.2Art. 9.4(b)
- ISO/IEC 27001 2022
- A.8.20A.8.9
- NIST SP 800-53 rev. 5
- CM-2CM-7
- PCI DSS 4.0
- 2.2.12.2.4
Generated artifacts
1 of 5 targets supportedsecure-shell-server-sshd-execution.yaml
- rule: secure-shell-server-sshd-execution
desc: Detects container running the SSH daemon
condition: proc.name in ("sshd")
output: Process %proc.name executed by user %user.name (uid=%user.uid) in container %container.id image=%container.image.repository (policy=Secure Shell Server (sshd) Execution)
priority: ERROR
source: syscall
tags:
- stackrox-import
- policy
- n
IR (canonical)
{
"id": "618e65ca-737b-4fec-bb42-57a04e7dfc28",
"name": "Secure Shell Server (sshd) Execution",
"description": "Detects container running the SSH daemon",
"rationale": "The secure shell server allows shell access to a container, which can be dangerous.",
"remediation": "If ssh is absolutely required, ensure that it is not using default authentication. Otherwise, consider removing it from the container altogether.",
"severity": "high",
"categories": [
"Docker CIS",
"Network Tools"
],
"lifecycle": [
"runtime"
],
"eventSource": "deployment",
"scope": [],
"exclusions": [],
"enforcement": {
"failBuild": false
},
"expression": {
"op": "criterion",
"field": "process-name",
"values": [
"sshd"
],
"valuesOp": "or",
"negate": false
},
"disabled": false
}Original StackRox JSON
{
"id": "618e65ca-737b-4fec-bb42-57a04e7dfc28",
"name": "Secure Shell Server (sshd) Execution",
"description": "Detects container running the SSH daemon",
"rationale": "The secure shell server allows shell access to a container, which can be dangerous.",
"remediation": "If ssh is absolutely required, ensure that it is not using default authentication. Otherwise, consider removing it from the container altogether.",
"disabled": false,
"categories": [
"Docker CIS",
"Network Tools"
],
"lifecycleStages": [
"RUNTIME"
],
"eventSource": "DEPLOYMENT_EVENT",
"exclusions": [],
"scope": [],
"severity": "HIGH_SEVERITY",
"enforcementActions": [],
"policySections": [
{
"sectionName": "",
"policyGroups": [
{
"fieldName": "Process Name",
"booleanOperator": "OR",
"negate": false,
"values": [
{
"value": "sshd"
}
]
}
]
}
],
"notifiers": [],
"lastUpdated": null,
"SORTName": "",
"SORTLifecycleStage": "",
"SORTEnforcement": false,
"policyVersion": "1.1",
"mitreAttackVectors": [
{
"tactic": "TA0001",
"techniques": [
"T1078"
]
},
{
"tactic": "TA0002",
"techniques": [
"T1059.004"
]
},
{
"tactic": "TA0008",
"techniques": [
"T1021.004"
]
}
],
"criteriaLocked": true,
"mitreVectorsLocked": true,
"isDefault": true,
"source": "IMPERATIVE"
}