Check: CNTR-RM-000850
Rancher Government Solutions Multi-Cluster Manager STIG:
CNTR-RM-000850
(in versions v1 r3 through v1 r1)
Title
Rancher MCM must never automatically remove or disable emergency accounts. (Cat II impact)
Discussion
Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are automatically disabled, system maintenance during emergencies may not be possible, thus adversely affecting system availability. Emergency accounts are different from infrequently used accounts (i.e., local logon accounts used by system administrators when network or normal logon/access is not available). Infrequently used accounts also remain available and are not subject to automatic termination dates. However, an emergency account is normally a different account that is created for use by vendors or system maintainers. To address access requirements, many application developers choose to integrate their applications with enterprise-level authentication/access mechanisms that meet or exceed access control policy requirements. Such integration allows the application developer to off-load those access control functions and focus on core application features and functionality. Local Admin user should exist so that Rancher can be used if the external authentication service encounters issues.
Check Content
Ensure local emergency admin account has not been removed and is the only Local account. Navigate to the Triple Bar Symbol(Global) >> Users & Authentication. In the left navigation menu, click "Users". There should be only one local account and that account should have administrator role. If no local administrator account exists or there is more than one local account, this is a finding.
Fix Text
Ensure local emergency admin account has not been removed and is the only Local account. Navigate to the Triple Bar Symbol(Global) >> Users & Authentication. In the left navigation menu, click "Users". To Create a User: -Click "Create". -Complete the "Add User" form. Ensure Global Permissions are set to "Administrator". -Click "Create". To Delete a User: -Select the user and click "Delete".
Additional Identifiers
Rule ID: SV-252847r879644_rule
Vulnerability ID: V-252847
Group Title: SRG-APP-000234-CTR-000590
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001682 |
The information system automatically removes or disables emergency accounts after an organization-defined time period for each type of account. |
Controls
Number | Title |
---|---|
AC-2 (2) |
Removal Of Temporary / Emergency Accounts |