New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
change applicability of rules configuring idle session timeouts #10127
change applicability of rules configuring idle session timeouts #10127
Conversation
8d39c90
to
5fd0181
Compare
9334166
to
40dd7cd
Compare
ospp: FMT_SMF_EXT.1.1 | ||
pcidss: Req-8.1.8 | ||
srg: SRG-OS-000126-GPOS-00066,SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109,SRG-OS-000395-GPOS-00175 | ||
stigid@rhel8: RHEL-08-010201 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While this covers the spirit of RHEL-08-010201 it not the letter of RHEL-08-010201, so I don't know if we want to add this stigid
yet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree. I removed also CIS references because I think the reason is the same. What do you think @marcusburghardt ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After a review of the CIS benchmarks, I would agree with pulling the CIS references.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also agree to not include CIS reference here.
linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
Outdated
Show resolved
Hide resolved
…n_timeout/rule.yml Co-authored-by: Matthew Burket <m@tthewburket.com>
9b14930
to
219a652
Compare
@Mab879 @marcusburghardt @yuumasato @matejak could you please review and eventually merge this? I would like to get it into the release, plus there will be one more small PR which depends on this one. |
Description:
Rationale:
The Systemd feature which can configure session idle timeout is not present in all RHEL releases, therefore the rule does not apply in some cases. To be exact, the feature works only in 9.1 and up and 8.7 and up.
Also the SSH configuration used by sshd_set_idle_timeout has effect only in some cases. It works only up to 8.5.
Testing hints: