Check: RHEL-09-412035
RHEL 9 STIG:
RHEL-09-412035
(in versions v2 r3 through v2 r2)
Title
RHEL 9 must automatically exit interactive command shell user sessions after 15 minutes of inactivity. (Cat II impact)
Discussion
Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console. Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000029-GPOS-00010
Check Content
Verify RHEL 9 is configured to exit interactive command shell user sessions after 10 minutes of inactivity or less with the following command: $ sudo grep -i tmout /etc/profile /etc/profile.d/*.sh /etc/profile.d/tmout.sh:declare -xr TMOUT=600 If "TMOUT" is not set to "600" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.
Fix Text
Configure RHEL 9 to exit interactive command shell user sessions after 10 minutes of inactivity. Add or edit the following line in "/etc/profile.d/tmout.sh": #!/bin/bash declare -xr TMOUT=600
Additional Identifiers
Rule ID: SV-258068r1014872_rule
Vulnerability ID: V-258068
Group Title: SRG-OS-000163-GPOS-00072
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000057 |
Prevent further access to the system by initiating a device lock after organization-defined time period of inactivity; and/or requiring the user to initiate a device lock before leaving the system unattended. |
| CCI-001133 |
Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |