← Back to VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide

V-256482

CAT II (Medium)

The Photon operating system must set a session inactivity timeout of 15 minutes or less.

Rule ID

SV-256482r958402_rule

STIG

VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide

Version

V1R4

CCIs

CCI-000057, CCI-000879, CCI-002361

Discussion

A session timeout is an action taken when a session goes idle for any reason. Rather than relying on the user to manually disconnect their session prior to going idle, the Photon operating system must be able to identify when a session has idled and take action to terminate the session. Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000279-GPOS-00109, SRG-OS-000126-GPOS-00066

Check Content

At the command line, run the following command:

# cat /etc/profile.d/tmout.sh

Expected result:

TMOUT=900
readonly TMOUT 
export TMOUT
mesg n 2>/dev/null

If the file "tmout.sh" does not exist or the output does not look like the expected result, this is a finding.

Fix Text

Navigate to and open:

/etc/profile.d/tmout.sh

Set its content to the following: 

TMOUT=900
readonly TMOUT 
export TMOUT
mesg n 2>/dev/null