Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-251657 | SPLK-CL-000010 | SV-251657r808207_rule | Medium |
| Description |
|---|
| Automatic session termination after a period of inactivity addresses the potential for a malicious actor to exploit the unattended session. Closing any unattended sessions reduces the attack surface to the application. Satisfies: SRG-APP-000295-AU-000190, SRG-APP-000389-AU-000180 |
| STIG | Date |
|---|---|
| Splunk Enterprise 8.x for Linux Security Technical Implementation Guide | 2021-11-30 |
Details
| Check Text ( C-55095r808205_chk ) |
|---|
| This check is performed on the machine used as a search head, which may be a separate machine in a distributed environment. If the instance being reviewed is not used as a search head, this check in N/A. Examine the configuration. Navigate to the /etc/opt/splunk/system/local/ directory. View the web.conf file. If the web.conf file does not exist, this is a finding. If the "tools.sessions.timeout" is missing or is configured to 16 or more, this is a finding. |
| Fix Text (F-55049r808206_fix) |
|---|
| This configuration is performed on the machine used as a search head, which may be a separate machine in a distributed environment. If the web.conf file does not exist, copy the file from /etc/opt/splunk/system/default to the /etc/opt/splunk/system/local directory. Modify/Add the following lines in the web.conf file: tools.session.timeout = 15 |