UCF STIG Viewer Logo

Redis Enterprise DBMS must prohibit the use of cached authenticators after an organization-defined time period.


Overview

Finding ID Version Rule ID IA Controls Severity
V-251224 RD6X-00-009000 SV-251224r855614_rule Medium
Description
If cached authentication information is out of date, the validity of the authentication information may be questionable. For more information on configuring time out periods on Redis Enterprise refer to: https://docs.redislabs.com/latest/rs/administering/access-control/
STIG Date
Redis Enterprise 6.x Security Technical Implementation Guide 2022-09-19

Details

Check Text ( C-54659r804860_chk )
Interview the system administrator to determine what, if any, the organizational policy is for cached authentication. By default, Redis Enterprise terminates authenticators after a user logs or times out.

To view the current time out period for authentication, log in to the RHEL server that the Redis Enterprise database is hosted on as an admin user.
1. Type: rladmin
2. Once rladmin is started, type: info cluster

Check documentation to verify that organizationally defined limits, if any, have been set. Compare documentation to actual settings found on the DB.

If the settings do not match the documentation, this is a finding.
Fix Text (F-54613r804861_fix)
Configure Redis Enterprise settings to meet organizationally defined requirements. To configure the time out period, refer to Redis Enterprise Documentation:

To set time out period for authentication, log in to the RHEL server that the Redis Enterprise database is hosted on as an admin user. Escalate to root privileges.
1. Type: rladmin
2. Once rladmin is started, type: cluster config cm_session_timeout_minutes

By default, the timeout is set to 15 minutes.