Vulnerability Discussion
Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.
Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000029-GPOS-00010
Check
Verify RHEL 9 is configured to exit interactive command shell user sessions after 10 minutes of inactivity or less with the following command:
$ sudo grep -i tmout /etc/profile /etc/profile.d/*.sh
/etc/profile.d/tmout.sh:declare -xr TMOUT=600
If "TMOUT" is not set to "600" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.
Fix
Configure RHEL 9 to exit interactive command shell user sessions after 10 minutes of inactivity.
Add or edit the following line in "/etc/profile.d/tmout.sh":
#!/bin/bash
declare -xr TMOUT=600