Check: RHEL-09-412035
RHEL 9 STIG:
RHEL-09-412035
(in versions v1 r3 through v1 r1)
Title
RHEL 9 must automatically exit interactive command shell user sessions after 15 minutes of inactivity. (Cat II impact)
Discussion
Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console. Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000029-GPOS-00010
Check Content
Verify RHEL 9 is configured to exit interactive command shell user sessions after 15 minutes of inactivity or less with the following command: $ sudo grep -i tmout /etc/profile /etc/profile.d/*.sh /etc/profile.d/tmout.sh:declare -xr TMOUT=900 If "TMOUT" is not set to "900" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.
Fix Text
Configure RHEL 9 to exit interactive command shell user sessions after 15 minutes of inactivity. Add or edit the following line in "/etc/profile.d/tmout.sh": #!/bin/bash declare -xr TMOUT=900
Additional Identifiers
Rule ID: SV-258068r926191_rule
Vulnerability ID: V-258068
Group Title: SRG-OS-000163-GPOS-00072
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000057 |
The information system initiates a session lock after the organization-defined time period of inactivity. |
| CCI-001133 |
The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |