Concurrent Login

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
sugardaddyz
Posts: 7
Joined: Wed Aug 28, 2019 11:22 am

Concurrent Login

Post by sugardaddyz »

Hi guys,

Recently our security team has flagged out the below:

A single user account is permitted to login repeatedly to maintain multiple active sessions at a time. Concurrent sessions increase the chances of a user being unable to detect whether his account has been compromised. It also allows an attacker who has gained access once to perpetuate his session, as he will not be logged out upon a valid logon by a legitimate user.


Is there a way to disable concurrent logon?
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: Concurrent Login

Post by scottwilkerson »

sugardaddyz wrote:Is there a way to disable concurrent logon?
Sorry, there is no such feature in Nagios Core
Former Nagios employee
Creator:
Human Design Website
Get Your Human Design Chart
Top
sugardaddyz
Posts: 7
Joined: Wed Aug 28, 2019 11:22 am

Re: Concurrent Login

Post by sugardaddyz »

Is this feature available in Nagios XI?
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: Concurrent Login

Post by scottwilkerson »

In XI there is some session management where you can set session expiration as well as Admins can view sessions opened, IP addresses that are connected to the session, and take actions (like killing the session)
Former Nagios employee
Creator:
Human Design Website
Get Your Human Design Chart
Top
Locked

Return to “Open Source Nagios Projects”