Configure the tmux Lock Command
An XCCDF Rule
Description
To enable console screen locking in tmux
terminal multiplexer,
the vlock
command must be configured to be used as a locking
mechanism.
Add the following line to /etc/tmux.conf
:
set -g lock-command vlock. The console can now be locked with the following key combination:
ctrl+b :lock-session
Rationale
The tmux
package allows for a session lock to be implemented and configured.
However, the session lock is implemented by an external command. The tmux
default configuration does not contain an effective session lock.
- ID
- xccdf_org.ssgproject.content_rule_configure_tmux_lock_command
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { rpm --quiet -q tmux; }; then
tmux_conf="/etc/tmux.conf"
if grep -qP '^\s*set\s+-g\s+lock-command' "$tmux_conf" ; then
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- DISA-STIG-OL08-00-020040
- NIST-800-53-AC-11(a)