Details

A session timeout is an action taken when a session goes idle for any reason. Rather than relying on the user to manually disconnect their session prior to going idle, the Photon operating system must be able to identify when a session has idled and take action to terminate the session.

Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000126-GPOS-00066, SRG-OS-000279-GPOS-00109

Solution

Open /etc/profile.d/tmout.sh with a text editor and set its content to the following:

TMOUT=900
readonly TMOUT
export TMOUT
mesg n 2>/dev/null

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Maintenance.This control applies to the following type of system Unix.

References

• 800-53|AC-11a.
• 800-53|AC-12
• 800-53|MA-4e.
• CAT|II
• CCI|CCI-000057
• CCI|CCI-000879
• CCI|CCI-002361
• Rule-ID|SV-239077r675039_rule
• STIG-ID|PHTN-67-000005
• Vuln-ID|V-239077

Source

• Tenable.com/audits