UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The HYCU server and Web UI must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 15 minutes of inactivity except to fulfill documented and validated mission requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-246857 HYCU-SC-000001 SV-246857r768243_rule High
Description
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element.
STIG Date
HYCU for Nutanix Security Technical Implementation Guide 2021-08-03

Details

Check Text ( C-50289r768233_chk )
Log on to the HYCU VM console. For console connections, check for the value of the "TMOUT" option in "/home/hycu/.bashrc" with the following command:
grep TMOUT /home/hycu/.bashrc

If the "TMOUT" value is not set to 900 or less, this is a finding.

For SSH connections, check for the value of the "ClientAliveInterval" option in "/etc/ssh/sshd_config" with the following command:
grep ClientAliveInterval /etc/ssh/sshd_config

If the "ClientAliveInterval" value is not set to 15 or less, this is a finding.

For UI connections, run the following command to check configured HYCU session timeout:
cat /opt/grizzly/config.properties | grep api.session.expiration.minutes

If not configured at "15" or less, this is a finding.
Fix Text (F-50243r768234_fix)
Configure the operating system to enforce timeout settings.

Add the following line to "/home/hycu/.bashrc" (or modify the line to have the required value):
TMOUT=900

Add the following line to "/etc/ssh/sshd_config" (or modify the line to have the required value):
ClientAliveInterval 900

Edit the "/opt/grizzly/config.properties" file by running:
sudo vi /opt/grizzly/config.properties

Add the following line or modify the line to have the required value:
api.session.expiration.minutes=15

Save the file by typing:
:wq!