CMMC: Compliant on Paper, Broken in Practice

SSH session timeouts looked like a straightforward CMMC Level 2 control. After digging through man pages, source code, bug trackers, and a fair amount of testing, I had a completely different solution than I started with. This is what happened.

The Controls

Two CMMC Level 2 controls are directly relevant here:

AC.L2-3.1.11 (NIST SP 800-171 3.1.11): Automatically terminate user sessions after a defined condition. This means a full termination, not a screen lock, not a network disconnect. The user’s processes must be cleaned up and re-authentication required. For SSH on Linux, the shell must actually exit. ...

March 11, 2026 · 8 min · Malcolm Frazier

DHCP Option 81 in systemd-networkd: The Undocumented Behavior

I inherited a set of Ubuntu servers that were provisioned outside of our normal provisioning and configuration methods of Foreman and Ansible, talking to Windows DHCP servers that use DHCP Option 81 for dynamic DNS registration. The problem was that some servers were getting their DNS A records registered correctly and some were not. The inconsistency was problematic, and the more I dug into it, the worse it got. This is the story of chasing that inconsistency, finding a workaround, realising the workaround was unnecessary, and ending up with a PR open against systemd upstream to fix a man page that has been inconsistent and ambiguous for years. ...

March 8, 2026 · 8 min · Malcolm Frazier