Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-251224 | RD6X-00-009000 | SV-251224r855614_rule | Medium |
Description |
---|
If cached authentication information is out of date, the validity of the authentication information may be questionable. For more information on configuring time out periods on Redis Enterprise refer to: https://docs.redislabs.com/latest/rs/administering/access-control/ |
STIG | Date |
---|---|
Redis Enterprise 6.x Security Technical Implementation Guide | 2022-09-19 |
Check Text ( C-54659r804860_chk ) |
---|
Interview the system administrator to determine what, if any, the organizational policy is for cached authentication. By default, Redis Enterprise terminates authenticators after a user logs or times out. To view the current time out period for authentication, log in to the RHEL server that the Redis Enterprise database is hosted on as an admin user. 1. Type: rladmin 2. Once rladmin is started, type: info cluster Check documentation to verify that organizationally defined limits, if any, have been set. Compare documentation to actual settings found on the DB. If the settings do not match the documentation, this is a finding. |
Fix Text (F-54613r804861_fix) |
---|
Configure Redis Enterprise settings to meet organizationally defined requirements. To configure the time out period, refer to Redis Enterprise Documentation: To set time out period for authentication, log in to the RHEL server that the Redis Enterprise database is hosted on as an admin user. Escalate to root privileges. 1. Type: rladmin 2. Once rladmin is started, type: cluster config cm_session_timeout_minutes By default, the timeout is set to 15 minutes. |