Vulnerability Discussion
The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, RHEL 9 must provide users with the ability to manually invoke a session lock so users can secure their session if it is necessary to temporarily vacate the immediate physical vicinity.
Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000028-GPOS-00009
Check
Verify RHEL 9 prevents users from disabling the tmux terminal multiplexer with the following command:
$ grep -i tmux /etc/shells
If any output is produced, this is a finding.
Fix
Configure RHEL 9 to prevent users from disabling the tmux terminal multiplexer by editing the "/etc/shells" configuration file to remove any instances of tmux.