Rule ID
SV-279528r1192544_rule
Version
V1R1
CCIs
Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to denial-of-service (DoS) attacks. This requirement addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system.
For AHV, this requirement is Inherently Met. For AOS, Prism Central, and Files, run the following command to verify Nutanix OS instances limit concurrent logins to 10 or fewer: $ sudo grep "maxlogins" /etc/security/limits.conf If the line "* hard maxlogins 10" is missing, commented out, or set to a number more than 10, this is a finding.
Configure Nutanix OS instances to limit concurrent logins to 10. 1. For AHV, the value of "* hard maxlogins" is set to 10 by the vendor and must not be altered by customers. If the value is not set to the 10, this is an unauthorized modification which may indicate the security settings for the build has been modified. Rebuild the system from source to correct this issue. 2. For AOS, Prism Central, and Files, run the following command. $ configure_dod_mode.sh enter_dod_mode