SV-204587r603261_rule
V-204587
SRG-OS-000163-GPOS-00072
RHEL-07-040320
CAT II
10
Configure the operating system to automatically terminate a user session after inactivity time-outs have expired or at shutdown.
Add the following line (or modify the line to have the required value) to the "/etc/ssh/sshd_config" file (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor):
ClientAliveInterval 600
The SSH service must be restarted for changes to take effect.
Verify the operating system automatically terminates a user session after inactivity time-outs have expired.
Check for the value of the "ClientAliveInterval" keyword with the following command:
# grep -iw clientaliveinterval /etc/ssh/sshd_config
ClientAliveInterval 600
If "ClientAliveInterval" is not configured, is commented out, or has a value of "0", this is a finding.
If "ClientAliveInterval" has a value that is greater than "600" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
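One way to script the check above, as an added example that is not part of the STIG text. The function name `check_client_alive_interval` and its PASS/FINDING/REVIEW labels are assumptions made for illustration, and only the global section of a single file is evaluated (settings inside Match blocks are not).

```shell
#!/bin/sh
# Added example (not part of the STIG): classify the global ClientAliveInterval
# setting in an sshd_config file according to the check text above.
# Output: "PASS <n>", "FINDING <reason>" or "REVIEW <value>"; status 0, 1 or 2.
check_client_alive_interval() {
    cfg=${1:-/etc/ssh/sshd_config}
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg" >&2; return 3; }
    # Take the first active occurrence (sshd keeps the first value it reads)
    # and stop at the first Match block so only the global section counts.
    # Commented-out lines never match, so they are treated as not configured.
    value=$(awk '{
        sub(/^[ \t]+/, "")
        n = split($0, f, /[ \t=]+/)
        key = tolower(f[1])
        if (key == "match") exit
        if (key == "clientaliveinterval") { print f[2]; exit }
    }' "$cfg")
    case $value in
        "")       echo "FINDING unset"; return 1 ;;
        *[!0-9]*) echo "REVIEW $value"; return 2 ;;  # not plain seconds: check by hand
    esac
    if [ "$value" -eq 0 ]; then
        echo "FINDING 0"; return 1
    elif [ "$value" -gt 600 ]; then
        echo "REVIEW $value"; return 2   # finding unless documented with the ISSO
    fi
    echo "PASS $value"
}

# Constructed sample input: one commented-out line, one active line above 600.
sample=$(mktemp)
printf '%s\n' '#ClientAliveInterval 300' 'ClientAliveInterval 900' > "$sample"
check_client_alive_interval "$sample" || true   # prints "REVIEW 900"
rm -f "$sample"
```

A REVIEW result means the value needs a human decision: either it exceeds 600 and must be matched against ISSO documentation, or it is not written as plain seconds.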