Oracle Linux 8 STIG Version Comparison

There are 53 differences between versions v2 r5 (July 2, 2025) (the "left" version) and v2 r7 (Jan. 5, 2026) (the "right" version).

Check OL08-00-020040 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

OL 8 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.

Check Content

Verify OL 8 is configured to exit interactive command shell user sessions after 10 minutes of inactivity or less with the following command: $ sudo grep -i tmout /etc/profile /etc/profile.d/*.sh /etc/profile.d/tmout.sh:declare -xr TMOUT=600 If "TMOUT" is not set to "600" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.

Discussion

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console. Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000029-GPOS-00010

Fix

Configure OL 8 to exit interactive command shell user sessions after 10 minutes of inactivity. Add or edit the following line in "/etc/profile.d/tmout.sh": #!/bin/bash declare -xr TMOUT=600