Ubuntu OS must automatically exit interactive command shell user sessions after five minutes of inactivity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-275643 | RIIM-OS-412030 | SV-275643r1147979_rule | CCI-002361 | medium |
| Description | ||||
| Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console. | ||||
| STIG | Date | |||
| Riverbed NetIM OS Security Technical Implementation Guide | 2025-10-02 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-12
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.11
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-002361
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-275643r1147979_chk)
Verify Ubuntu OS is configured to automatically exit interactive command shell user sessions after five minutes of inactivity or less by using the following command:
$ sudo grep -E "\bTMOUT=[0-9]+" /etc/bash.bashrc /etc/profile.d/*
/etc/profile.d/99-terminal_tmout.sh:TMOUT=300
If "TMOUT" is not set to "300" or less, is set to "0", is commented out, or missing, this is a finding.
Fix Text (F-79650r1147978_fix)
Configure Ubuntu OS to exit interactive command shell user sessions after five minutes of inactivity.
Create and/or append a custom file under "/etc/profile.d/" by using the following command:
$ sudo su -c "echo TMOUT=300 >> /etc/profile.d/99-terminal_tmout.sh"
This will set a timeout value of five minutes for all future sessions.
To set the timeout for the current sessions, execute the following command over the terminal session:
$ export TMOUT=300