RHEL 9 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.

STIG ID: RHEL-09-412035  |  SRG: SRG-OS-000163-GPOS-00072 |  Severity: medium |  CCI: CCI-000057,CCI-001133 |  Vulnerability Id: V-258068 | 

Vulnerability Discussion

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.

Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000029-GPOS-00010

Check

Verify RHEL 9 is configured to exit interactive command shell user sessions after 15 minutes of inactivity or less with the following command:

$ sudo grep -i tmout /etc/profile /etc/profile.d/*.sh

/etc/profile.d/tmout.sh:declare -xr TMOUT=900

If "TMOUT" is not set to "900" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.

Fix

Configure RHEL 9 to exit interactive command shell user sessions after 15 minutes of inactivity.

Add or edit the following line in "/etc/profile.d/tmout.sh":

#!/bin/bash

declare -xr TMOUT=900
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.