File: accounts_tmout.yml

scap-security-guide 0.1.76-1
  • area: main
  • in suites: forky, sid, trixie
  • size: 110,644 kB
  • sloc: xml: 241,883; sh: 73,777; python: 32,527; makefile: 27
file content (80 lines) | stat: -rw-r--r-- 2,455 bytes
title: Set Interactive Session Timeout
description: 'Setting the <tt>TMOUT</tt> option in <tt>/etc/profile</tt> ensures that

    all user sessions will terminate based on inactivity.

    The value of TMOUT should be exported and read only.

    The <tt>TMOUT</tt>


    setting in a file loaded by <tt>/etc/profile</tt>, e.g.

    <tt>/etc/profile.d/tmout.sh</tt> should read as follows:

    <pre>declare -xr TMOUT=<sub idref="var_accounts_tmout" /></pre>'
rationale: 'Terminating an idle session within a short time period reduces

    the window of opportunity for unauthorized personnel to take control of a

    management session enabled on the console or console port that has been

    left unattended.'
severity: medium
references:
    anssi: R29
    cis-csc: 1,12,15,16
    cobit5: DSS05.04,DSS05.10,DSS06.10
    cui: 3.1.11
    disa: CCI-000057,CCI-001133,CCI-002361
    isa-62443-2009: 4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9
    isa-62443-2013: SR 1.1,SR 1.10,SR 1.2,SR 1.5,SR 1.7,SR 1.8,SR 1.9
    iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3
    nerc-cip: CIP-004-6 R2.2.3,CIP-007-3 R5.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3
        R5.3.2,CIP-007-3 R5.3.3
    nist: AC-12,SC-10,AC-2(5),CM-6(a)
    nist-csf: PR.AC-7
    ospp: FMT_MOF_EXT.1
    srg: SRG-OS-000163-GPOS-00072,SRG-OS-000029-GPOS-00010
identifiers:
    cce: CCE-83633-8
ocil_clause: value of TMOUT is not less than or equal to expected setting
ocil: 'Run the following command to ensure the <tt>TMOUT</tt> value is configured
    for all users

    on the system:


    <pre>$ sudo grep TMOUT /etc/profile /etc/profile.d/*.sh</pre>


    The output should return the following:

    <pre>TMOUT=<sub idref="var_accounts_tmout" /></pre>'
oval_external_content: null
fixtext: 'Configure Red Hat Enterprise Linux 9 to terminate user sessions after <sub
    idref="var_accounts_tmout" /> seconds of inactivity.


    Add or edit the following line in "/etc/profile.d/tmout.sh":

    TMOUT=<sub idref="var_accounts_tmout" />'
checktext: ''
vuldiscussion: ''
srg_requirement: ''
warnings: []
conflicts: []
requires: []
policy_specific_content: {}
platform: machine
platforms: !!set
    machine: null
sce_metadata: {}
inherited_platforms: !!set {}
template: null
cpe_platform_names: !!set
    machine: null
inherited_cpe_platform_names: !!set {}
bash_conditional: null
fixes: {}
documentation_complete: true