APPLIES TO

Tenable Core

OPERATING SYSTEM(S)

TenableCore

DESCRIPTION

Tenable Core, a lightly customized version of Oracle Linux 8, is hardened in accordance with security best practices including some elements of the CIS Level 1 benchmarks. One benchmark in particular has the potential to lock users out and expire their account:

Default Security Configuration Standards

5.4.1.4 Ensure inactive password lock is 30 days or less

This requirement means that user accounts will be automatically disabled after a period of 30 days of inactivity following password expiration. In order to prevent this, Tenable Core users should log into the cockpit (8000) or SSH at least once every 365 days and update their account password to prevent it from expiring, which in turn prevents the account from becoming locked out.

INFORMATION

Please log into Tenable Connect to view the following additional resources and access more support.

If your account has already expired due to the above requirement, the following knowledge base article will help to resolve it:

Unable to Sign Into Tenable Core "Authentication failed: internal-error"

For a physical hardware hosted Tenable Core instance, this may require a keyboard and monitor hooked up or serial access. If needed, steps 10-15 of the following article can be used to attach to the serial console for direct interaction:

Installing a new platform via USB for Tenable OT Security Hardware Appliances

For Tenable OT Security environments, please see Leveraging the Remote Unlock Feature in Tenable Core for instructions on how to remotely unlock administrative accounts on Tenable Core machines.