UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

RHEL 9 must automatically lock command line user sessions after 15 minutes of inactivity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-258066 RHEL-09-412025 SV-258066r958402_rule Medium
Description
A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, tmux can be configured to identify when a user's session has idled and take action to initiate a session lock. Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012
STIG Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide 2024-06-04

Details

Check Text ( C-61807r926183_chk )
Verify RHEL 9 initiates a session lock after 15 minutes of inactivity.

Check the value of the system inactivity timeout with the following command:

$ grep -i lock-after-time /etc/tmux.conf

set -g lock-after-time 900

If "lock-after-time" is not set to "900" or less in the global tmux configuration file to enforce session lock after inactivity, this is a finding.
Fix Text (F-61731r926184_fix)
Configure RHEL 9 to enforce session lock after a period of 15 minutes of inactivity by adding the following line to the "/etc/tmux.conf" global configuration file:

set -g lock-after-time 900