STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must limit the number of concurrent sessions to 10 for all accounts and/or account types.

DISA Rule

SV-100125r1_rule

Vulnerability Number

V-89475

Group Title

SRG-OS-000027-GPOS-00008

Rule Version

VRAU-SL-000040

Severity

CAT III

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Configure the SLES for vRealize to limit the number of concurrent sessions to "10" for all accounts and/or account types by using the following command.

sed -i 's/\(^* *hard *maxlogins\).*/* hard maxlogins 10/g' /etc/security/limits.conf

Check Contents

Verify the SLES for vRealize limits the number of concurrent sessions to "10" for all accounts and/or account types with the following command:

# grep maxlogins /etc/security/limits.conf | grep -v '#'

The default maxlimits should be set to a max of "10" or a documented site defined number:

* hard maxlogins 10

If no such line exists, this is a finding.

Vulnerability Number

V-89475

Documentable

False

Rule Version

VRAU-SL-000040

Severity Override Guidance

Verify the SLES for vRealize limits the number of concurrent sessions to "10" for all accounts and/or account types with the following command:

# grep maxlogins /etc/security/limits.conf | grep -v '#'

The default maxlimits should be set to a max of "10" or a documented site defined number:

* hard maxlogins 10

If no such line exists, this is a finding.

Check Content Reference

M

Target Key

3459

Comments