Redis Enterprise DBMS must prohibit the use of cached authenticators after an organization-defined time period.

An XCCDF Rule

Description

If cached authentication information is out of date, the validity of the authentication information may be questionable. For more information on configuring time out periods on Redis Enterprise refer to: https://docs.redislabs.com/latest/rs/administering/access-control/

ID: SV-251224r961521_rule
Version: RD6X-00-009000
Severity: Medium
References: CCI-002007
Updated: 5 days ago

Remediation Templates

Configure Redis Enterprise settings to meet organizationally defined requirements. To configure the time out period, refer to Redis Enterprise Documentation: 

To set time out period for authentication, log in to the RHEL server that the Redis Enterprise database is hosted on as an admin user. Escalate to root privileges.
1. Type: rladmin
2. Once rladmin is started, type:  cluster config cm_session_timeout_minutes <value_to_enter>

By default, the timeout is set to 15 minutes.

Redis Enterprise DBMS must prohibit the use of cached authenticators after an organization-defined time period.

Description

Remediation Templates

A Manual Procedure