Check: AXOS-00-000005
Axonius Federal Systems Ax-OS STIG:
AXOS-00-000005
(in versions v1 r2 through v1 r1)
Title
Ax-OS must limit the number of concurrent sessions to 10 for all accounts and/or account types. (Cat II impact)
Discussion
Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to denial-of-service (DoS) attacks. Satisfies: SRG-APP-000001, SRG-APP-000246, SRG-APP-000247, SRG-APP-000435
Check Content
From the Axonius Toolbox (accessed via Secure Shell [SSH]) Main Actions Menu, select the following options: Compliance Actions >> Advanced Compliance Actions >> Maximum Concurrent Logins If "Current Status: Disable" is shown, this is a finding.
Fix Text
From the Axonius Toolbox (accessed via SSH) Main Actions Menu, select the following options: Compliance Actions >> Advanced Compliance Actions >> Maximum Concurrent Logins >> Enable
Additional Identifiers
Rule ID: SV-276001r1122653_rule
Vulnerability ID: V-276001
Group Title: SRG-APP-000001
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000054 |
Limit the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number. |
| CCI-001094 |
Restrict the ability of individuals to launch organization-defined denial of service attacks against other systems. |
| CCI-001095 |
Manage capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service attacks. |
| CCI-002385 |
Protect against or limit the effects of organization-defined types of denial-of-service events. |