Amazon Linux 2023 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.

STIG ID: AZLX-23-002396  |  SRG: SRG-OS-000163-GPOS-00072 |  Severity: medium (CAT II)  |  CCI: CCI-000057,CCI-001133 |  Vulnerability Id: V-274142

Vulnerability Discussion

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.

Check

Verify Amazon Linux 2023 is configured to exit interactive command shell user sessions after 10 minutes of inactivity or less with the following command:

$ sudo grep -i tmout /etc/profile /etc/profile.d/*.sh
/etc/profile.d/tmout.sh:declare -xr TMOUT=600

If "TMOUT" is not set to "600" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.

Fix

Configure Amazon Linux 2023 to exit interactive command shell user sessions after 10 minutes of inactivity.

Add or edit the following line in "/etc/profile.d/tmout.sh":

#!/bin/bash

declare -xr TMOUT=600
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.