Skip to content

Configure tmux to lock session after inactivity

An XCCDF Rule

Description

To enable console screen locking in tmux terminal multiplexer after a period of inactivity, the lock-after-time option has to be set to a value greater than 0 and less than or equal to 900 in /etc/tmux.conf.

Rationale

Locking the session after a period of inactivity limits the potential exposure if the session is left unattended.

ID
xccdf_org.ssgproject.content_rule_configure_tmux_lock_after_time
Severity
Medium
References
Updated



Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { rpm --quiet -q tmux; }; then

tmux_conf="/etc/tmux.conf"

if grep -qP '^\s*set\s+-g\s+lock-after-time' "$tmux_conf" ; then

Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-82199-1
  - DISA-STIG-RHEL-08-020070