LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 02-08-2019, 02:10 AM   #1
muqor
LQ Newbie
 
Registered: Feb 2019
Posts: 15

Rep: Reputation: Disabled
I am using wazuh and get alert SSH Configuration - Empty passwords permitted


mail->rootcheck Rule: 516 (level 3) -> 'System Audit event.' System Audit: CIS - RHEL7 - 6.2.9 - SSH Configuration - Empty passwords permitted {CIS: 6.2.9 RHEL7} {PCI_DSS: 4.1}. File: /etc/ssh/sshd_config. Reference: https://benchmarks.cisecurity.org/to...ed_Hat_Enterpr ise_Linux_7_Benchmark_v1.1.0.pdf . title: CIS - RHEL7 - 6.2.9 - SSH Configuration - Empty passwords permitted file: /etc/ssh/sshd_config

What does "SSH Configuration - Empty passwords permitted" mean?

I found this on the Red Hat archive:

On a standard installation of FC1 and FC2 (and FC3?) it is permitted to log in with a user with an empty password ... is this correct?

How to disable this "feature"?
 
Old 02-08-2019, 07:59 AM   #2
ehartman
Senior Member
 
Registered: Jul 2007
Location: Delft, The Netherlands
Distribution: Slackware
Posts: 1,674

Rep: Reputation: 888
Quote:
Originally Posted by muqor
> File: /etc/ssh/sshd_config
>
> How to disable this "feature"?

Edit the file mentioned above and look for the PermitEmptyPasswords entry.
Make sure that it's NOT commented out and that it is followed by "no", so it should look like
Code:
PermitEmptyPasswords no
Then restart the sshd daemon to have it REread its config file.
 
Old 02-08-2019, 08:05 AM   #3
muqor
LQ Newbie
 
Registered: Feb 2019
Posts: 15

Original Poster
Rep: Reputation: Disabled
I found this:

[root@igloo root]# man sshd_config
> PermitEmptyPasswords
> When password authentication is allowed, it specifies whether the
> server allows login to accounts with empty password strings. The
> default is "no".
[root@igloo root]# grep PermitEmptyPasswords /etc/ssh/sshd_config
#PermitEmptyPasswords no
[root@igloo root]# useradd nopasswd
[root@igloo root]# passwd -d nopasswd
Removing password for user nopasswd.
passwd: Success
[root@igloo root]# ssh nopasswd@localhost
nopasswd@localhost's password: <type ENTER>
Permission denied, please try again.
nopasswd@localhost's password: <type "x" then ENTER>
[nopasswd@igloo nopasswd]$ id
uid=505(nopasswd) gid=507(nopasswd) gruppi=507(nopasswd)
[nopasswd@igloo nopasswd]$

And they answered like this:

> How to disable this "feature"?

Put a non-working shell as default for this user.

[root@igloo root]# useradd -s /sbin/nologin nopasswd

If you've got it already created use,

[root@igloo root]# usermod -s /sbin/nologin nopasswd


Could you explain this?

Thanks
 
Old 02-08-2019, 08:20 AM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,757

Rep: Reputation: 5930
Welcome to LinuxQuestions.

I am not familiar with wazuh.
Quote:
> What does it mean with SSH Configuration - Empty passwords permitted?

If your user has an empty password the ssh server allows you to login without password authentication. To disable this feature the following option would be in your sshd_config file.

PermitEmptyPasswords no

In addition the sshd_config contains many options and their default settings but can be commented and shown for information purposes. It depends on the ssh server version but with RHEL 7 as far as I know the default is no and therefore if it isn't in your sshd_config file or just a comment you're ok.

I don't remember what ssh version ran on FC1, 2 or 3 nor its default settings anymore. Since they are no longer supported you should not be running them anyway (there are always exceptions...). Adding the above line should work with those distributions too.
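
Added example, not part of the original thread or of wazuh: a POSIX shell function (the name `check_empty_passwords` is hypothetical) that classifies the `PermitEmptyPasswords` setting the replies above describe, treating a commented-out line as "not set" and honouring sshd's rule that the first value obtained for a keyword is the one used. It assumes a single config file with no `Include` directives and flags any `yes` inside a `Match` block as a finding.

```shell
#!/bin/sh
# Added example: report how an sshd_config file sets PermitEmptyPasswords.
# Prints: "yes"     - enabled globally or inside any Match block
#         "no"      - explicitly disabled
#         "default" - only commented out or absent, so the built-in default applies
check_empty_passwords() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines set nothing
        {
            gsub(/[="]/, " ")                   # accept Keyword=value and quoted values
            key = tolower($1)                   # keywords are case-insensitive
        }
        key == "match" { in_match = 1; next }   # a Match block runs to the next Match or EOF
        key == "permitemptypasswords" {
            if (in_match) { if ($2 == "yes") match_yes = 1 }
            else if (global == "") global = $2  # first value obtained is the one used
        }
        END {
            if (global == "yes" || match_yes) print "yes"
            else if (global == "") print "default"
            else print global
        }
    ' "$1"
}

# Constructed sample mirroring the thread: the only occurrence is commented out.
sample=$(mktemp)
printf '%s\n' '#PermitEmptyPasswords no' 'PasswordAuthentication yes' > "$sample"
echo "thread sample: $(check_empty_passwords "$sample")"
rm -f "$sample"
```

On a live host, `sshd -T` run as root prints the effective settings after defaults are applied, which is the authoritative check once the file has been edited and sshd restarted.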
 
All times are GMT -5. The time now is 06:22 PM.