Check: RIIM-OS-412030
Riverbed NetIM OS STIG: RIIM-OS-412030 (in version v1 r1)
Title
Ubuntu OS must automatically exit interactive command shell user sessions after five minutes of inactivity. (Cat II impact)
Discussion
Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.
Check Content
Verify Ubuntu OS is configured to automatically exit interactive command shell user sessions after five minutes of inactivity or less by using the following command:

    $ sudo grep -E "\bTMOUT=[0-9]+" /etc/bash.bashrc /etc/profile.d/*
    /etc/profile.d/99-terminal_tmout.sh:TMOUT=300

If "TMOUT" is not set to "300" or less, is set to "0", is commented out, or missing, this is a finding.
Fix Text
Configure Ubuntu OS to exit interactive command shell user sessions after five minutes of inactivity.

Create and/or append a custom file under "/etc/profile.d/" by using the following command:

    $ sudo su -c "echo TMOUT=300 >> /etc/profile.d/99-terminal_tmout.sh"

This will set a timeout value of five minutes for all future sessions.

To set the timeout for the current sessions, execute the following command over the terminal session:

    $ export TMOUT=300
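The check command's pattern also matches commented-out lines and says nothing about the value, so the finding conditions still have to be applied by hand. The script below is an added example, not part of the STIG, that applies them per file. The function name `audit_tmout`, the sample files, and the choice to treat any out-of-range active assignment as a finding are assumptions.

```shell
#!/bin/sh
# Added example (not STIG content). Applies the finding conditions from the check:
# TMOUT greater than 300, set to 0, commented out, or missing.

# audit_tmout FILE...  prints one verdict per assignment.
# Returns 0 when compliant, 1 when there is a finding.
audit_tmout() {
    _active=0 _bad=0
    for _f in "$@"; do
        [ -r "$_f" ] || continue
        # Commented-out assignments match the STIG grep but have no effect.
        if grep -Eq '^[[:space:]]*#.*TMOUT=[0-9]+' "$_f"; then
            echo "NOTE    $_f: commented-out TMOUT (ignored)"
        fi
        # Active assignments only, with an optional export/readonly prefix.
        _vals=$(sed -nE 's/^[[:space:]]*((export|readonly)[[:space:]]+)?TMOUT=([0-9]+).*/\3/p' "$_f")
        for _v in $_vals; do
            _active=1
            if [ "$_v" -eq 0 ] || [ "$_v" -gt 300 ]; then
                echo "FINDING $_f: TMOUT=$_v"; _bad=1
            else
                echo "OK      $_f: TMOUT=$_v"
            fi
        done
    done
    if [ "$_active" -eq 0 ]; then
        echo "FINDING no active TMOUT assignment"; return 1
    fi
    return "$_bad"
}

# Constructed sample files (not taken from a real system).
_demo=$(mktemp -d)
printf 'TMOUT=300\n'        > "$_demo/99-terminal_tmout.sh"
printf '#TMOUT=300\n'       > "$_demo/commented.sh"
printf 'export TMOUT=900\n' > "$_demo/too_long.sh"
audit_tmout "$_demo/99-terminal_tmout.sh" "$_demo/commented.sh" || true
audit_tmout "$_demo/too_long.sh" || true
rm -rf "$_demo"
# On a real host: audit_tmout /etc/bash.bashrc /etc/profile.d/*
```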
Additional Identifiers
Rule ID: SV-275643r1147979_rule
Vulnerability ID: V-275643
Group Title: SRG-OS-000279-GPOS-00109
CCIs
| Number | Definition |
|---|---|
| CCI-002361 | Automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. |
Controls
| Number | Title |
|---|---|
| AC-12 | Session Termination |