Ep. 40: Monitoring SSH Daemon configuration with Checkmk


[0:00:00] Be aware of your SSH daemon configuration with this Checkmk plug-in.
[0:00:15] Welcome to the Checkmk Channel. If you're running Linux systems in your network, you will probably SSH into them from time to time to do maintenance or to configure something.
[0:00:27] As this is a security-critical aspect of your system connecting to it remotely, you want to be sure that it's configured properly and you want to be aware if someone changes these settings without you allowing it.
[0:00:41] With a plug-in I'm going to show you in a few moments, you will be able to monitor the most important aspects of your SSH daemon configuration and be aware if something changes.
[0:00:53] So, let's take a look at how we do this. So, to enable this kind of monitoring, we can simply search for SSH. And then we first find the Agent rules because we need to roll out the plug-in here.
[0:01:05] So, let's do that. And there is no configuration to this plug-in, we simply roll it out. 
[0:01:11] You might want to set some conditions, I'm not going to do that here in this environment.
[0:01:17] I'm going to save this rule, activate the changes, and bake the agent. And then we're going to take a look at the second rule that we need to actually have some thresholds here.
[0:01:35] So, that's the baking process. The second rule that we're going to take a look at, we can again search for SSH. It's the Service monitoring rules. There, it's called SSH daemon configuration.
[0:01:49] And if we go into this, we add a new rule, and then we can configure all the bits and pieces that we want to be sure that the configuration is right.
[0:01:59] So, for example, you might want to make sure that the root login is only allowed password-less. We could do that here. So, I'm just going to enable this option. 
[0:02:09] You might want to make sure that only SSH Version 2 is used because Version 1 is considered insecure. So, you can configure that here.
[0:02:17] You can also make sure that the allowed ports are just in the range that you want to configure. Maybe you change the default port to something else and you want to be sure that no one is using the default port.
[0:02:30] So, I could put in something, some different port here, it doesn't really matter. And you could be aware if someone changes that.
[0:02:38] There are some more options, I'm not going to cover all of them. You can just take a look, but you get the idea.
[0:02:43] This decides about the baseline that we want to monitor. And if I save that, I'm not going to activate the change right now because we are directly jumping to our monitored system.
[0:02:58] And taking a look whether the update has already taken place. So, let's do a Rescan here.
[0:03:08] And there is our SSH daemon configuration check and we can already see the several aspects that are checked.
[0:03:15] And we can see that some of the options are not present in the configuration, which will be also notified, because someone might have commented out something there.
[0:03:25] So, like this, we already see there are three critical points in here that we would need to resolve to have the screen. So, let's accept this service.
[0:03:37] And then we are aware. You would simply go to the system, make sure that the configuration is right, no matter how you do it, whether you do it manually or with some sort of automation system, that doesn't really matter.
[0:03:48] But if something changes, on any of those systems, you will instantly see it with the SSH daemon configuration check. 
[0:03:58] That concludes the video for today. Take a look at this plug-in, it might improve your security baselines.
[0:04:04] And with that, thank you so much for watching. Be sure to subscribe and I will see you around.

 
