Ubuntu 22.04 LTS must automatically exit interactive command shell user sessions after 15 minutes of inactivity.

STIG ID: UBTU-22-412030  |  SRG: SRG-OS-000279-GPOS-00109 | Severity: medium |  CCI: CCI-002361

Vulnerability Discussion

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.

Check

Verify Ubuntu 22.04 LTS is configured to automatically exit interactive command shell user sessions after 15 minutes of inactivity or less by using the following command:

$ sudo grep -E "\bTMOUT=[0-9]+" /etc/bash.bashrc /etc/profile.d/*
/etc/profile.d/99-terminal_tmout.sh:TMOUT=900

If "TMOUT" is not set to "900" or less, is set to "0", is commented out, or missing, this is a finding.

Fix

Configure Ubuntu 22.04 LTS to exit interactive command shell user sessions after 15 minutes of inactivity.

Create and/or append a custom file under "/etc/profile.d/" by using the following command:

$ sudo su -c "echo TMOUT=900 >> /etc/profile.d/99-terminal_tmout.sh"

This will set a timeout value of 15 minutes for all future sessions.

To set the timeout for the current sessions, execute the following command over the terminal session:

$ export TMOUT=900
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.