
SSMC web server must enable strict two-factor authentication for access to the webUI.

An XCCDF Rule

Description

Accounts secured with only a password are subject to multiple forms of attack, from brute force to social engineering. Enforcing strict two-factor authentication reduces the risk of account compromise by requiring an additional factor that is not a password. Strict two-factor authentication is enabled by default. However, it is enforced only when two-factor authentication is configured and active. When enforced, it blocks access to the web administrator console for ssmcadmin, because this is a local account authenticated using password credentials. To allow access to the administrator console, disable this strict two-factor authentication setting.

Documentable: false

ID
SV-255265r961863_rule
Severity
Medium

Remediation - Manual Procedure

Configure SSMC to enforce strict two-factor authentication by doing the following:

1. Log on to the SSMC appliance as ssmcadmin.

2. Navigate to the Advanced Features section of the TUI by pressing "9" then "2". Press "1" to "Enable strict two-factor authentication" and "Y" to confirm.