This is not the latest version of the STIG. This is provided for archival purposes. See the latest STIG.

Amazon Linux 2023 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.

STIG ID: AZLX-23-002396  |  SRG: SRG-OS-000163-GPOS-00072 |  Severity: medium (CAT II)  |  CCI: CCI-000057,CCI-001133 |  Vulnerability Id: V-274142

Vulnerability Discussion

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.

Check

Verify Amazon Linux 2023 is configured to exit interactive command shell user sessions after 10 minutes of inactivity or less with the following command:

$ sudo grep -i tmout /etc/profile /etc/profile.d/*.sh
/etc/profile.d/tmout.sh:declare -xr TMOUT=600

If "TMOUT" is not set to "600" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.

Fix

Configure Amazon Linux 2023 to exit interactive command shell user sessions after 10 minutes of inactivity.

Add or edit the following line in "/etc/profile.d/tmout.sh":

#!/bin/bash

declare -xr TMOUT=600
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.