The Tanium Operating System (TanOS) must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-254839	TANS-OS-000070	SV-254839r958388_rule		Medium

Description
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.

STIG	Date
Tanium 7.x Operating System on TanOS Security Technical Implementation Guide	2024-06-04

Details

Check Text ( C-58452r866056_chk )
1. Access the Tanium Server interactively. 2. Log on to the TanOS server with the tanadmin role. 3. Press "C" for "User Administration Menu," and then press "Enter". 4. Press L for "Local Tanium User Management," and then press "Enter". 5. Press "B" for "Security Policy Local Authentication Service," and then press "Enter". If the value of "Maximum Password Attempts:" is greater than "3", this is a finding.

Check Text ( C-58452r866056_chk )

1. Access the Tanium Server interactively.

2. Log on to the TanOS server with the tanadmin role.

3. Press "C" for "User Administration Menu," and then press "Enter".

4. Press L for "Local Tanium User Management," and then press "Enter".

5. Press "B" for "Security Policy Local Authentication Service," and then press "Enter".

If the value of "Maximum Password Attempts:" is greater than "3", this is a finding.

Fix Text (F-58396r866057_fix)
1. Access the Tanium Server interactively. 2. Log on to the TanOS server with the tanadmin role. 3. Press "C" for "User Administration Menu," and then press "Enter". 4. Press "L" for "Local Tanium User Management," and then press "Enter". 5. Press B for "Security Policy Local Authentication Service," and then press "Enter". 6. Type "yes," and then press "Enter". 7. Input the following settings pressing "Enter" after every value: a) Minimum Password Lifetime: Configure an appropriate value b) Maximum Password Lifetime: Configure an appropriate value c) Minimum Password Length: Configure an appropriate value d) Minimum Password History: Configure an appropriate value e) Password Lockout: Configure an appropriate value f) Maximum Password Attempts: 3 8. Type "yes" to accept the new password policy.

Fix Text (F-58396r866057_fix)

1. Access the Tanium Server interactively.

2. Log on to the TanOS server with the tanadmin role.

3. Press "C" for "User Administration Menu," and then press "Enter".

4. Press "L" for "Local Tanium User Management," and then press "Enter".

5. Press B for "Security Policy Local Authentication Service," and then press "Enter".

6. Type "yes," and then press "Enter".

7. Input the following settings pressing "Enter" after every value:
a) Minimum Password Lifetime: Configure an appropriate value
b) Maximum Password Lifetime: Configure an appropriate value
c) Minimum Password Length: Configure an appropriate value
d) Minimum Password History: Configure an appropriate value
e) Password Lockout: Configure an appropriate value
f) Maximum Password Attempts: 3

8. Type "yes" to accept the new password policy.