The Tanium Operating System (TanOS) must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254839 | TANS-OS-000070 | SV-254839r866058_rule | Medium |
| Description |
|---|
| By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. |
| STIG | Date |
|---|---|
| Tanium 7.x Operating System on TanOS Security Technical Implementation Guide | 2022-10-31 |
Details
| Check Text ( C-58452r866056_chk ) |
|---|
| 1. Access the Tanium Server interactively. 2. Log on to the TanOS server with the tanadmin role. 3. Press "C" for "User Administration Menu," and then press "Enter". 4. Press L for "Local Tanium User Management," and then press "Enter". 5. Press "B" for "Security Policy Local Authentication Service," and then press "Enter". If the value of "Maximum Password Attempts:" is greater than "3", this is a finding. |
| Fix Text (F-58396r866057_fix) |
|---|
| 1. Access the Tanium Server interactively. 2. Log on to the TanOS server with the tanadmin role. 3. Press "C" for "User Administration Menu," and then press "Enter". 4. Press "L" for "Local Tanium User Management," and then press "Enter". 5. Press B for "Security Policy Local Authentication Service," and then press "Enter". 6. Type "yes," and then press "Enter". 7. Input the following settings pressing "Enter" after every value: a) Minimum Password Lifetime: Configure an appropriate value b) Maximum Password Lifetime: Configure an appropriate value c) Minimum Password Length: Configure an appropriate value d) Minimum Password History: Configure an appropriate value e) Password Lockout: Configure an appropriate value f) Maximum Password Attempts: 3 8. Type "yes" to accept the new password policy. |