AlmaLinux OS 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-269108	ALMA-09-001890	SV-269108r1049990_rule		Medium

Description

Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console. Declaring $TMOUT as read-only means the user cannot override the setting. Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000281-GPOS-00111, SRG-OS-000163-GPOS-00072

STIG	Date
CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide	2025-05-22

Details

Check Text (C-73139r1049102_chk)

Verify AlmaLinux OS 9 is configured to exit interactive command shell user sessions after 10 minutes of inactivity or less with the following command:

$ grep TMOUT /etc/profile /etc/profile.d/*.sh

/etc/profile.d/tmout.sh:declare -xr TMOUT=600

If "TMOUT" is not set to "600" or less in a script located in the "/etc/'profile.d/ directory, is missing or is commented out, this is a finding.

Fix Text (F-73040r1049103_fix)

Configure AlmaLinux OS 9 to exit interactive command shell user sessions after 10 minutes of inactivity using the following command:

echo "declare -xr TMOUT=600" > /etc/profile.d/tmout.sh