RHEL 9 must prevent users from disabling session control mechanisms.

STIG ID: RHEL-09-412030  |  SRG: SRG-OS-000324-GPOS-00125 |  Severity: low |  CCI: CCI-000056,CCI-002235 |  Vulnerability Id: V-258067 | 

Vulnerability Discussion

The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, RHEL 9 must provide users with the ability to manually invoke a session lock so users can secure their session if it is necessary to temporarily vacate the immediate physical vicinity.

Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000028-GPOS-00009

Check

Verify RHEL 9 prevents users from disabling the tmux terminal multiplexer with the following command:

$ grep -i tmux /etc/shells

If any output is produced, this is a finding.

Fix

Configure RHEL 9 to prevent users from disabling the tmux terminal multiplexer by editing the "/etc/shells" configuration file to remove any instances of tmux.