Set Interactive Session Timeout

An XCCDF Rule

Description

Setting the TMOUT option in /etc/profile ensures that all user sessions will terminate based on inactivity. The value of TMOUT should be exported and read only. The TMOUT setting in a file loaded by /etc/profile, e.g. /etc/profile.d/tmout.sh should read as follows:

typeset -xr TMOUT=

declare -xr TMOUT=

Using the typeset keyword is preferred for wider compatibility with ksh and other shells.

Rationale

Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.

ID: xccdf_org.ssgproject.content_rule_accounts_tmout
Severity: Medium
References: BP28(R29)

1 12 15 16

DSS05.04 DSS05.10 DSS06.10

3.1.11

CCI-000057 CCI-001133 CCI-002361

4.3.3.6.1 4.3.3.6.2 4.3.3.6.3 4.3.3.6.4 4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8 4.3.3.6.9

SR 1.1 SR 1.10 SR 1.2 SR 1.5 SR 1.7 SR 1.8 SR 1.9

A.18.1.4 A.9.2.1 A.9.2.4 A.9.3.1 A.9.4.2 A.9.4.3

CIP-004-6 R2.2.3 CIP-007-3 R5.1 CIP-007-3 R5.2 CIP-007-3 R5.3.1 CIP-007-3 R5.3.2 CIP-007-3 R5.3.3

AC-12 AC-2(5) CM-6(a) SC-10

PR.AC-7

FMT_MOF_EXT.1

8.6.1

SRG-OS-000029-GPOS-00010 SRG-OS-000163-GPOS-00072
Updated: 8 months ago