AlmaLinux OS 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.

STIG ID: ALMA-09-001890  |  SRG: SRG-OS-000029-GPOS-00010 |  Severity: medium |  CCI: CCI-000057,CCI-002364,CCI-001133 |  Vulnerability Id: V-269108

Vulnerability Discussion

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.

Declaring $TMOUT as read-only means the user cannot override the setting.

Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000281-GPOS-00111, SRG-OS-000163-GPOS-00072

Check

Verify AlmaLinux OS 9 is configured to exit interactive command shell user sessions after 10 minutes of inactivity or less with the following command:

$ grep TMOUT /etc/profile /etc/profile.d/*.sh

/etc/profile.d/tmout.sh:declare -xr TMOUT=600

If "TMOUT" is not set to "600" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.

Fix

Configure AlmaLinux OS 9 to exit interactive command shell user sessions after 10 minutes of inactivity using the following command:

echo "declare -xr TMOUT=600" > /etc/profile.d/tmout.sh
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.