← Back to Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide

V-260554

CAT II (Medium)

Ubuntu 22.04 LTS must automatically exit interactive command shell user sessions after 15 minutes of inactivity.

Rule ID

SV-260554r958636_rule

STIG

Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-002361

Discussion

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.

Check Content

Verify Ubuntu 22.04 LTS is configured to automatically exit interactive command shell user sessions after 15 minutes of inactivity or less by using the following command: 
  
     $ sudo grep -E "\bTMOUT=[0-9]+" /etc/bash.bashrc /etc/profile.d/* 
     /etc/profile.d/99-terminal_tmout.sh:TMOUT=900 
  
If "TMOUT" is not set to "900" or less, is set to "0", is commented out, or missing, this is a finding.

Fix Text

Configure Ubuntu 22.04 LTS to exit interactive command shell user sessions after 15 minutes of inactivity. 
 
Create and/or append a custom file under "/etc/profile.d/" by using the following command: 
 
     $ sudo su -c "echo TMOUT=900 >> /etc/profile.d/99-terminal_tmout.sh" 
  
This will set a timeout value of 15 minutes for all future sessions.  
  
To set the timeout for the current sessions, execute the following command over the terminal session:  
  
     $ export TMOUT=900