Check: RHEL-09-412025
RHEL 9 STIG:
RHEL-09-412025
(in versions v2 r1 through v1 r1)
Title
RHEL 9 must automatically lock command line user sessions after 15 minutes of inactivity. (Cat II impact)
Discussion
A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, tmux can be configured to identify when a user's session has idled and take action to initiate a session lock. Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012
Check Content
Verify RHEL 9 initiates a session lock after 15 minutes of inactivity. Check the value of the system inactivity timeout with the following command: $ grep -i lock-after-time /etc/tmux.conf set -g lock-after-time 900 If "lock-after-time" is not set to "900" or less in the global tmux configuration file to enforce session lock after inactivity, this is a finding.
Fix Text
Configure RHEL 9 to enforce session lock after a period of 15 minutes of inactivity by adding the following line to the "/etc/tmux.conf" global configuration file: set -g lock-after-time 900
Additional Identifiers
Rule ID: SV-258066r958402_rule
Vulnerability ID: V-258066
Group Title: SRG-OS-000029-GPOS-00010
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000057 |
Prevent further access to the system by initiating a device lock after organization-defined time period of inactivity; and/or requiring the user to initiate a device lock before leaving the system unattended. |
| CCI-000060 |
Conceal, via the device lock, information previously visible on the display with a publicly viewable image. |