Skip to content

Commit 40e3731

Browse files
vojtapolasekvojtapolasek
committed
add new control RHEL-08-020360
1 parent 1715894 commit 40e3731

File tree

3 files changed

+14
-6
lines changed

3 files changed

+14
-6
lines changed

products/rhel8/controls/stig_rhel8.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1419,6 +1419,16 @@ controls:
14191419
- accounts_umask_etc_profile
14201420
status: automated
14211421

1422+
- id: RHEL-08-020353
1423+
levels:
1424+
- medium
1425+
title: RHEL 8 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.
1426+
rules:
1427+
- accounts_tmout
1428+
- var_accounts_tmout=10_min
1429+
status: automated
1430+
1431+
14221432
- id: RHEL-08-030000
14231433
levels:
14241434
- medium

tests/data/profile_stability/rhel8/stig.profile

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -35,10 +35,8 @@ accounts_passwords_pam_faillock_dir
3535
accounts_passwords_pam_faillock_interval
3636
accounts_passwords_pam_faillock_silent
3737
accounts_passwords_pam_faillock_unlock_time
38-
accounts_umask_etc_bashrc
39-
accounts_umask_etc_csh_cshrc
38+
accounts_tmout
4039
accounts_umask_etc_login_defs
41-
accounts_umask_etc_profile
4240
accounts_umask_interactive_users
4341
accounts_user_dot_no_world_writable_programs
4442
accounts_user_home_paths_only
@@ -403,6 +401,7 @@ var_accounts_minimum_age_login_defs=1
403401
var_accounts_passwords_pam_faillock_deny=3
404402
var_accounts_passwords_pam_faillock_fail_interval=900
405403
var_accounts_passwords_pam_faillock_unlock_time=never
404+
var_accounts_tmout=10_min
406405
var_accounts_user_umask=077
407406
var_audit_backlog_limit=8192
408407
var_auditd_action_mail_acct=root

tests/data/profile_stability/rhel8/stig_gui.profile

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -35,10 +35,8 @@ accounts_passwords_pam_faillock_dir
3535
accounts_passwords_pam_faillock_interval
3636
accounts_passwords_pam_faillock_silent
3737
accounts_passwords_pam_faillock_unlock_time
38-
accounts_umask_etc_bashrc
39-
accounts_umask_etc_csh_cshrc
38+
accounts_tmout
4039
accounts_umask_etc_login_defs
41-
accounts_umask_etc_profile
4240
accounts_umask_interactive_users
4341
accounts_user_dot_no_world_writable_programs
4442
accounts_user_home_paths_only
@@ -401,6 +399,7 @@ var_accounts_minimum_age_login_defs=1
401399
var_accounts_passwords_pam_faillock_deny=3
402400
var_accounts_passwords_pam_faillock_fail_interval=900
403401
var_accounts_passwords_pam_faillock_unlock_time=never
402+
var_accounts_tmout=10_min
404403
var_accounts_user_umask=077
405404
var_audit_backlog_limit=8192
406405
var_auditd_action_mail_acct=root

0 commit comments

Comments
 (0)