RHEL 8 must ensure session control is automatically started at shell initialization.

STIG ID: RHEL-08-020041  |  SRG: SRG-OS-000028-GPOS-00009 |  Severity: medium |  CCI: CCI-000056 |  Vulnerability Id: V-230349 | 

Vulnerability Discussion

Tmux is a terminal multiplexer that enables a number of terminals to be created, accessed, and controlled from a single screen. Red Hat endorses tmux as the recommended session controlling package.

Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011

Check

Verify the operating system shell initialization file is configured to start each shell with the tmux terminal multiplexer with the following commands:

Determine if tmux is currently running:
$ sudo ps all | grep tmux | grep -v grep

If the command does not produce output, this is a finding.

Determine the location of the tmux script:
$ sudo grep -r tmux /etc/bashrc /etc/profile.d

/etc/profile.d/tmux.sh: case "$name" in (sshd|login) tmux ;; esac

Review the tmux script by using the following example:
$ sudo cat /etc/profile.d/tmux.sh

if [ "$PS1" ]; then
parent=$(ps -o ppid= -p $$)
name=$(ps -o comm= -p $parent)
case "$name" in (sshd|login) tmux ;; esac
fi

If "tmux" is not configured as the example above, is commented out, or is missing, this is a finding.

Fix

Configure the operating system to initialize the tmux terminal multiplexer as each shell is called by adding the following lines to a custom.sh shell script in the /etc/profile.d/ directory:

if [ "$PS1" ]; then
parent=$(ps -o ppid= -p $$)
name=$(ps -o comm= -p $parent)
case "$name" in (sshd|login) tmux ;; esac
fi

This setting will take effect at next logon.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.