← Back to Amazon Linux 2023 Security Technical Implementation Guide

V-274142

CAT II (Medium)

Amazon Linux 2023 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.

Rule ID

SV-274142r1120414_rule

STIG

Amazon Linux 2023 Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000057, CCI-001133

Discussion

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.

Check Content

Verify Amazon Linux 2023 is configured to exit interactive command shell user sessions after 10 minutes of inactivity or less with the following command:

$ sudo grep -i tmout /etc/profile /etc/profile.d/*.sh
/etc/profile.d/tmout.sh:declare -xr TMOUT=600

If "TMOUT" is not set to "600" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.

Fix Text

Configure Amazon Linux 2023 to exit interactive command shell user sessions after 10 minutes of inactivity.

Add or edit the following line in "/etc/profile.d/tmout.sh":

#!/bin/bash

declare -xr TMOUT=600