Tanium must set an inactive timeout for sessions.

An XCCDF Rule

Description

<VulnDiscussion>Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By closing sessions after a set period of inactivity, the web server can make certain that sessions that are not closed through the user logging out of an application are eventually closed. Acceptable values are 5 minutes for high-value applications, 10 minutes for medium-value applications, and 20 minutes for low-value applications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-93463r1_rule
Severity: Medium
References: CCI-002361
Updated: about 1 year ago

Using a web browser on a system that has connectivity to Tanium, access the Tanium web UI and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console and then click on "Administration".

Select the "Global Settings" tab.
Click on "New Setting".

In "New System Setting" dialog box, enter "max_console_idle_seconds" for "Setting Name:".

Enter "900" for "Setting Value:".

Select "Server" from the "Affects" drop-down list.

Select "Numeric" from the "Value Type" drop-down list.

Click "Save".

If "max_console_idle_seconds" exists but is not "900" or less, select the box beside the value and click "Edit".

Enter "900" or less for "Setting Value:".

Click "Save".

Tanium must set an inactive timeout for sessions.

Description

Remediation - Manual Procedure