--- title: Verify Owner on SSH Server Configuration Directory description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > OOTB Rules > Verify Owner on SSH Server Configuration Directory --- # Verify Owner on SSH Server Configuration Directory ## Description{% #description %} To properly set the owner of files in `/etc/ssh/sshd_config.d`, run the command: ``` find -H /etc/ssh/sshd_config.d -type d -exec chown -L root {} \; ``` ## Rationale{% #rationale %} Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configuration files should be owned by the correct group to prevent unauthorized changes. ## Remediation{% #remediation %} ### Shell script{% #shell-script %} The following script can be run on the host to remediate the issue. ```bash #!/bin/bash # Remediation is applicable only in certain platforms if rpm --quiet -q kernel-core; then newown="" if id "0" >/dev/null 2>&1; then newown="0" fi if [[ -z "$newown" ]]; then >&2 echo "0 is not a defined user on the system" else find -P /etc/ssh/sshd_config.d/ -maxdepth 1 -type f ! -user 0 -regextype posix-extended -regex '^.*$' -exec chown --no-dereference "$newown" {} \; fi else >&2 echo 'Remediation is not applicable, nothing was done' fi ``` ### Ansible playbook{% #ansible-playbook %} The following playbook can be run with Ansible to remediate the issue. ```gdscript3 - name: Gather the package facts package_facts: manager: auto tags: - CCE-86268-0 - NIST-800-53-AC-17(a) - NIST-800-53-AC-6(1) - NIST-800-53-CM-6(a) - configure_strategy - file_owner_sshd_drop_in_config - low_complexity - low_disruption - medium_severity - no_reboot_needed - name: Set the file_owner_sshd_drop_in_config_newown variable if represented by uid ansible.builtin.set_fact: file_owner_sshd_drop_in_config_newown: '0' when: '"kernel-core" in ansible_facts.packages' tags: - CCE-86268-0 - NIST-800-53-AC-17(a) - NIST-800-53-AC-6(1) - NIST-800-53-CM-6(a) - configure_strategy - file_owner_sshd_drop_in_config - low_complexity - low_disruption - medium_severity - no_reboot_needed - name: Find /etc/ssh/sshd_config.d/ file(s) matching ^.*$ ansible.builtin.command: find -P /etc/ssh/sshd_config.d/ -maxdepth 1 -type f ! -user 0 -regextype posix-extended -regex "^.*$" register: files_found changed_when: false failed_when: false check_mode: false when: '"kernel-core" in ansible_facts.packages' tags: - CCE-86268-0 - NIST-800-53-AC-17(a) - NIST-800-53-AC-6(1) - NIST-800-53-CM-6(a) - configure_strategy - file_owner_sshd_drop_in_config - low_complexity - low_disruption - medium_severity - no_reboot_needed - name: Ensure owner on /etc/ssh/sshd_config.d/ file(s) matching ^.*$ ansible.builtin.file: path: '{{ item }}' follow: false owner: '{{ file_owner_sshd_drop_in_config_newown }}' state: file with_items: - '{{ files_found.stdout_lines }}' when: '"kernel-core" in ansible_facts.packages' tags: - CCE-86268-0 - NIST-800-53-AC-17(a) - NIST-800-53-AC-6(1) - NIST-800-53-CM-6(a) - configure_strategy - file_owner_sshd_drop_in_config - low_complexity - low_disruption - medium_severity - no_reboot_needed ```