An error occurred:

Check: SUN0090

Sun Ray 4 STIG: SUN0090 (in version v1 r2)

Title

Sun Ray Server administrator session default timeout is used. (Cat II impact)

Discussion

Administrator sessions to the Sun Ray Server are critical to the availability and integrity of the system. The default timeout for these sessions is 30 minutes of inactivity. This session timeout is longer than the 10 minutes required by the Operating System and Network STIGs. Therefore, all administrator sessions will be configured to 10 minutes of inactivity to ensure unauthorized users do not gain access to the system configuration.

Check Content

On the Sun Ray server perform the following: # cat /etc/opt/SUNWut/webamin/webadmin.conf | grep session.timeout # The session timeout (specified in minutes) Session.timeout=10 If the “session.timeout” value does not equal 10 minutes or less, this is a finding.

Fix Text

Configure the administrator session timeout value to 10 minutes or less.

Additional Identifiers

Rule ID:

Vulnerability ID: V-16075

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check