Ubuntu OS must automatically exit interactive command shell user sessions after five minutes of inactivity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-275643 | RIIM-OS-412030 | SV-275643r1147979_rule | CCI-002361 | medium |
| Description | ||||
| Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console. | ||||
| STIG | Date | |||
| Riverbed NetIM OS Security Technical Implementation Guide | 2025-10-02 | |||
Details
Check Text (C-275643r1147979_chk)
Verify Ubuntu OS is configured to automatically exit interactive command shell user sessions after five minutes of inactivity or less by using the following command:
$ sudo grep -E "\bTMOUT=[0-9]+" /etc/bash.bashrc /etc/profile.d/*
/etc/profile.d/99-terminal_tmout.sh:TMOUT=300
If "TMOUT" is not set to "300" or less, is set to "0", is commented out, or missing, this is a finding.
Fix Text (F-79650r1147978_fix)
Configure Ubuntu OS to exit interactive command shell user sessions after five minutes of inactivity.
Create and/or append a custom file under "/etc/profile.d/" by using the following command:
$ sudo su -c "echo TMOUT=300 >> /etc/profile.d/99-terminal_tmout.sh"
This will set a timeout value of five minutes for all future sessions.
To set the timeout for the current sessions, execute the following command over the terminal session:
$ export TMOUT=300