Check: CNTR-MK-000940
Mirantis Kubernetes Engine STIG:
CNTR-MK-000940
(in version v1 r1)
Title
The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls on MKE must be set. (Cat II impact)
Discussion
The "Lifetime Minutes" and "Renewal Threshold Minutes" login session controls in MKE are part of security features that help manage user sessions within the MKE environment. Setting these controls is essential. MKE must terminate all network connections associated with a communications session at the end of the session, or as follows: For in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.
Check Content
Log in to the MKE web UI and navigate to admin >> Admin Settings >> Authentication & Authorization. Ensure that "Lifetime Minutes" is set to "10" and "Renewal Threshold Minutes" is set to "0". If these settings are not configured as specified, this is a finding.
Fix Text
Log in to the MKE web UI and navigate to admin >> Admin Settings >> Authentication & Authorization. - Below Lifetime Minutes, enter "10". - Below Renewal Threshold, enter "0". - Click "Save".
Additional Identifiers
Rule ID: SV-260903r966066_rule
Vulnerability ID: V-260903
Group Title: SRG-APP-000190-CTR-000500
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001133 |
The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |
| CCI-002007 |
The information system prohibits the use of cached authenticators after an organization-defined time period. |
| CCI-002038 |
The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication. |