STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements.

DISA Rule

SV-209033r603263_rule

Vulnerability Number

V-209033

Group Title

SRG-OS-000027

Rule Version

OL6-00-000319

Severity

CAT III

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Limiting the number of allowed users and sessions per user can limit risks related to denial of service attacks. This addresses concurrent sessions for a single account and does not address concurrent sessions by a single user via multiple accounts. To set the number of concurrent sessions per user add the following line in "/etc/security/limits.conf":

* hard maxlogins 10

A documented site-defined number may be substituted for 10 in the above.

Check Contents

Run the following command to ensure the "maxlogins" value is configured for all users on the system:

$ grep "maxlogins" /etc/security/limits.conf /etc/security/limits.d/*.conf

You should receive output similar to the following:

* hard maxlogins 10

If it is not similar, this is a finding.

Vulnerability Number

V-209033

Documentable

False

Rule Version

OL6-00-000319

Severity Override Guidance

Run the following command to ensure the "maxlogins" value is configured for all users on the system:

$ grep "maxlogins" /etc/security/limits.conf /etc/security/limits.d/*.conf

You should receive output similar to the following:

* hard maxlogins 10

If it is not similar, this is a finding.

Check Content Reference

M

Target Key

2928

Comments