Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-246819 | HYCU-AC-000001 | SV-246819r768121_rule | | Medium |
Description |
---|
Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of allowed administrators and sessions per administrator based on account type, role, or access type is helpful in limiting risks related to DoS attacks. |
STIG | Date |
---|---|
HYCU for Nutanix Security Technical Implementation Guide | 2021-08-03 |
Check Text (C-50251r768119_chk) |
---|
In the HYCU Web UI, only one logon can be used at a time. If the previous connection is not logged off upon logging on to the Web UI again with the same credentials, this is a finding. Log on to the HYCU VM console. To check the number of allowed concurrent session connections, grep the file "/etc/security/limits.conf" by executing the following command: "grep maxlogins /etc/security/limits.conf". Verify the following line exists: "hycu hard maxlogins 1". If the "maxlogins" value is not set to 1 or is missing, this is a finding. |
Fix Text (F-50205r768120_fix) |
---|
The Web UI always allows only one user session at a time. For the CLI, configure the operating system to limit the maximum number of concurrent sessions to 1 by adding the following line to "/etc/security/limits.conf": "hycu hard maxlogins 1" |
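
The CLI check above can be scripted; the following is an added example, not part of the STIG text. A bare `grep maxlogins` also matches commented-out entries and entries with other values, so this function evaluates only active lines for the `hycu` account. The function name `check_maxlogins` is hypothetical, and treating any conflicting active entry as a finding is a conservative assumption of this example.

```shell
#!/bin/sh
# check_maxlogins FILE [USER]
# Exit status: 0 = compliant, 1 = finding, 2 = file not readable.
# Compliant means: at least one active "USER hard maxlogins 1" entry and
# no active "USER hard maxlogins" entry carrying any other value.
check_maxlogins() {
    file=$1
    user=${2:-hycu}          # account name taken from the STIG line
    [ -r "$file" ] || return 2
    awk -v user="$user" '
        { sub(/#.*/, "") }   # drop comments; awk re-splits the fields
        NF == 4 && $1 == user && $2 == "hard" && $3 == "maxlogins" {
            if ($4 == "1") ok = 1
            else bad = 1     # conflicting value: treated as a finding
        }
        END { exit ((ok && !bad) ? 0 : 1) }
    ' "$file"
}

# Constructed sample (not from a real system): the required line is present
# but commented out, which a plain grep would still report as a match.
sample=$(mktemp)
printf '%s\n' '# hycu hard maxlogins 1' '* soft core 0' > "$sample"
if check_maxlogins "$sample"; then
    echo "compliant"
else
    echo "finding: no active 'hycu hard maxlogins 1' entry"
fi
rm -f "$sample"
```

On the HYCU VM console the function would be called as `check_maxlogins /etc/security/limits.conf`.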