Detections
Analytics

1.84 UBTU-22-412030

Information

The operating system must automatically exit interactive command shell user sessions after 15 minutes of inactivity.

GROUP ID: V-260554
RULE ID: SV-260554r958636

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.

Solution

Configure the operating system to exit interactive command shell user sessions after 15 minutes of inactivity.

Create and/or append a custom file under "/etc/profile.d/" by using the following command:

$ sudo su -c "echo TMOUT=900 >> /etc/profile.d/99-terminal_tmout.sh"

This will set a timeout value of 15 minutes for all future sessions.

To set the timeout for the current sessions, execute the following command over the terminal session:

$ export TMOUT=900

See Also

https://workbench.cisecurity.org/benchmarks/22168

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-12, CAT|II, CCI|CCI-002361, CSCv7|16.11, Rule-ID|SV-260554r958636_rule, STIG-ID|UBTU-22-412030, Vuln-ID|V-260554

Plugin: Unix

Control ID: 1ae2a04a5decc7e39b3ea1ccfd1a07d157314eada78e06f63c23f509048dcb27