Ubuntu operating system sessions must be automatically logged out after 15 minutes of inactivity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-75441 | UBTU-16-010060 | SV-90121r2_rule | Medium |
| Description |
|---|
| An Ubuntu operating system needs to be able to identify when a user's sessions has idled for longer than 15 minutes. The Ubuntu operating system must logout a users' session after 15 minutes to prevent anyone from gaining access to the machine while the user is away. |
| STIG | Date |
|---|---|
| Canonical Ubuntu 16.04 Security Technical Implementation Guide | 2020-05-29 |
Details
| Check Text ( C-75145r2_chk ) |
|---|
| Verify the Ubuntu operating system initiates a session logout after a "15" minutes of inactivity. Check that the proper auto logout script exists with the following command: # cat /etc/profile.d/autologout.sh TMOUT=900 readonly TMOUT export TMOUT If the file "/etc/profile.d/autologout.sh" does not exist, the timeout values are commented out, the output from the function call are not the same, this is a finding. |
| Fix Text (F-82069r2_fix) |
|---|
| Configure the Ubuntu operating system to initiate a session logout after a "15" minutes of inactivity. Create a file to contain the system-wide session auto logout script (if it does not already exist) with the following command: # sudo touch /etc/profile.d/autologout.sh Add the following lines to the "/etc/profile.d/autologout.sh" script: TMOUT=900 readonly TMOUT export TMOUT |