Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4083 | GEN000500 | SV-38416r1_rule | PESL-1 | Medium |
Description |
---|
If graphical desktop sessions do not lock the session after 15 minutes of inactivity, requiring re-authentication to resume operations, the system or individual data could be compromised by an alert intruder who could exploit the oversight. This requirement applies to graphical desktop environments provided by the system to locally attached displays and input devices as well as to graphical desktop environments provided to remote systems, including thin clients. |
STIG | Date |
---|---|
HP-UX 11.23 Security Technical Implementation Guide | 2013-03-28 |
Check Text ( C-36256r1_chk ) |
---|
Examine the dtsession timeout variable setting. # cat /etc/dt/config/C/sys.resources | grep -i dtsession | grep -i lockTimeout If the dtsession timeout is higher than 15, commented or does not exist, this is a finding. |
Fix Text (F-31513r1_fix) |
---|
Configure the CDE lock manager to lock your screen after a certain amount of inactive time. To configure the CDE lock manager to lock the screen after 15 minutes of inactive time, enter the following commands (ensure to NOT overwrite an existing file): # cp /usr/dt/config/C/sys.resources /etc/dt/config/C/sys.resources # vi /etc/dt/config/C/sys.resources Locate and add/uncomment/change the line to N=15 dtsession*lockTimeout: dtsession*lockTimeout: 15 Log out of CDE and log back in to verify the timeout is in effect. |