Skip to content

Install the tmux Package

An XCCDF Rule

Description

To enable console screen locking, install the tmux package. A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence. The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, Red Hat Enterprise Linux 9 needs to provide users with the ability to manually invoke a session lock so users can secure their session if it is necessary to temporarily vacate the immediate physical vicinity. Instruct users to begin new terminal sessions with the following command:

$ tmux
The console can now be locked with the following key combination:
ctrl+b :lock-session

Rationale

A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operation system session prior to vacating the vicinity, operating systems need to be able to identify when a user's session has idled and take action to initiate the session lock.

The tmux package allows for a session lock to be implemented and configured.

ID
xccdf_org.ssgproject.content_rule_package_tmux_installed
Severity
Medium
References
Updated



Remediation - Anaconda Pre-Install Instructions


package --add=tmux

Remediation - OS Build Blueprint


[[packages]]
name = "tmux"
version = "*"

Remediation - Ansible

- name: Ensure tmux is installed
  package:
    name: tmux
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:

Remediation - Puppet

include install_tmux

class install_tmux {
  package { 'tmux':
    ensure => 'installed',
  }

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if ! rpm -q --quiet "tmux" ; then
    dnf install -y "tmux"
fi