STIG compliance - BlueCat Address Manager - 9.2.0

Address Manager Administration Guide

prodname
BlueCat Address Manager
version_custom
9.2.0

This topic explains STIG compliance security standards and measures.

STIG compliance demands high security standards and measures for servers and other network appliances. Most STIG-compliant configurations are not visible during normal server operation. However, there are three areas in which STIG-compliant changes are visible and affect the operation of the server:

  • User account passwords and usage
  • Direct login to the root account
  • Kernel audit logging
    Note: To maintain backward functional compatibility with previous BlueCat releases, BlueCat appliances and VMs ship with these three STIG features disabled. You must enable STIG compliance in order to activate these STIG features.

User account passwords and usage

A user account must have a password that contains a minimum of 14 characters and uses special characters. User accounts allow a maximum of three failed, consecutive log in attempts before the account is locked out. An account that has not been logged into for a period of 35 days also gets locked out.
Note: For details on freeing a locked account, refer to Resetting a locked user account.

Direct login to the root account

Logging in to the root account on the console or through an SSH session has been disabled. When this restriction is enabled, a non-privileged log in account (bluecat is the user name and the password) is created automatically to allow you log in to the server. To gain root access to the server, you must login as bluecat and use the su – command to gain access to the root shell.

Kernel audit logging

Audit logging of file access and other kernel services is enabled. Currently, the default audit rules required by the DISA SRR scanning scripts create a significant performance slowdown owing to extensive diagnostic logging. BlueCat recommends you define the set of auditing rules that will meet your audit logging requirements while minimizing the impact on the system. For more information, refer to Knowledge Base article 5472 on BlueCat Customer Care.