
Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.


Overview

Finding ID: V-251657
Version: SPLK-CL-000010
Rule ID: SV-251657r992037_rule
IA Controls:
Severity: Medium
Description
Automatic session termination after a period of inactivity addresses the potential for a malicious actor to exploit an unattended session. Closing any unattended sessions reduces the attack surface of the application.

Satisfies: SRG-APP-000295-AU-000190, SRG-APP-000389-AU-000180

STIG: Splunk Enterprise 8.x for Linux Security Technical Implementation Guide
Date: 2024-06-10

Details

Check Text (C-55095r992036_chk)
This check is performed on the machine used as a search head, which may be a separate machine in a distributed environment.

If the instance being reviewed is not used as a search head, this check is Not Applicable.

Examine the configuration.

Navigate to the $SPLUNK_HOME/etc/system/local/ directory. View the web.conf file.

If the web.conf file does not exist, this is a finding.

If the "tools.sessions.timeout" is missing or is configured to 16 or more, this is a finding.
Fix Text (F-55049r819078_fix)
This configuration is performed on the machine used as a search head, which may be a separate machine in a distributed environment.

If the web.conf file does not exist, copy the file from $SPLUNK_HOME/etc/system/default to the $SPLUNK_HOME/etc/system/local directory.

Modify/Add the following lines in the web.conf file:

tools.sessions.timeout = 15
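
The check text above can be scripted; the following is an added example, not part of the STIG. It assumes the key lives in the [settings] stanza of web.conf and that the last assignment wins (neither is stated on this page); the function names are hypothetical. It reports a finding for a missing file, a missing key, a non-integer value, or a value of 16 or more, and a misspelled key such as tools.session.timeout does not satisfy it.

```shell
#!/bin/sh
# Added example: audit web.conf against the check text on this page.
# Assumption: tools.sessions.timeout is set in the [settings] stanza.

# Print the effective value of tools.sessions.timeout, or nothing if absent.
get_session_timeout() {
    awk '
        /^[ \t]*#/  { next }                          # ignore comment lines
        /^[ \t]*\[/ { in_settings = ($0 ~ /^[ \t]*\[settings\][ \t\r]*$/); next }
        in_settings && /^[ \t]*tools\.sessions\.timeout[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)               # drop key and "="
            sub(/[ \t\r]+$/, "", v)                   # drop trailing whitespace
            val = v; found = 1                        # last assignment wins
        }
        END { if (found) print val }
    ' "$1"
}

# Return 0 when compliant, 1 when the check text calls it a finding.
check_idle_timeout() {
    conf="$1"
    if [ ! -f "$conf" ]; then
        echo "FINDING: $conf does not exist"; return 1
    fi
    value=$(get_session_timeout "$conf")
    case "$value" in
        '')       echo "FINDING: tools.sessions.timeout is missing"; return 1 ;;
        *[!0-9]*) echo "FINDING: tools.sessions.timeout is not an integer: $value"; return 1 ;;
    esac
    if [ "$value" -ge 16 ]; then
        echo "FINDING: tools.sessions.timeout is $value (16 or more)"; return 1
    fi
    echo "OK: tools.sessions.timeout is $value"
    return 0
}

# Constructed sample: a misspelled key must be reported as missing.
sample=$(mktemp)
printf '[settings]\ntools.session.timeout = 15\n' > "$sample"
check_idle_timeout "$sample" || true
rm -f "$sample"
```

On a search head, call check_idle_timeout with the path $SPLUNK_HOME/etc/system/local/web.conf.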