The rule logind_session_timeout is misaligned with DISA. It passes with ComplianceAsCode but fails with DISA content.
The problem seems to be that DISA's prose says to set the timeout to 10 minutes, which means setting the StopIdleSessionSec option to 600, and our content sets this to 600, but DISA's OVAL checks that the StopIdleSessionSec option is set to 900.
We have discovered this problem in upstream productization.
Details:
This content is not aligned with content from DISA
The misalignment affects these profiles:
RHEL 8 STIG
The misalignment affects these rules:
logind_session_timeout
Outcome:
[ ] The external content's check is faulty - the other party needs to be notified, they have work to do.
SCAP Security Guide Version:
current upstream master as of 2024-11-01 as of 3b297951091a656ee080edc21ebc0430ec645fd1
External Content's Version:
V2R1
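
The mismatch described in this report can be reproduced on paper with a small resolver. This is an added example, not part of the issue and not code from ComplianceAsCode or DISA. It assumes both checks compare the effective StopIdleSessionSec value by exact match (the real OVAL definitions may compare differently), and the file contents and the drop-in name are constructed.

```python
import re

# Subset of systemd.time(7) units; a bare number means seconds.
UNITS = {"": 1, "s": 1, "sec": 1, "m": 60, "min": 60, "h": 3600, "hr": 3600}

def span_to_seconds(value):
    """Normalise '600', '10min' or '1h 30s' to seconds; 'infinity' -> None."""
    value = value.strip().lower()
    if value in ("", "infinity"):  # empty treated as the default (assumption)
        return None
    tokens = re.findall(r"(\d+)\s*([a-z]*)", value)
    if not tokens or any(unit not in UNITS for _, unit in tokens):
        raise ValueError(f"unsupported time span: {value!r}")
    return sum(int(n) * UNITS[unit] for n, unit in tokens)

def effective_stop_idle(files):
    """files: (name, text) pairs in read order (main file, then drop-ins
    sorted by name). The last assignment in a [Login] section wins."""
    result = None  # logind's default is 'infinity' (idle sessions are not stopped)
    for _name, text in files:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
            elif section == "Login" and "=" in line:
                key, val = line.split("=", 1)
                if key.strip() == "StopIdleSessionSec":
                    result = span_to_seconds(val)
    return result

def compare(files):
    """Effective value plus the verdict against the 600 and 900 expectations."""
    secs = effective_stop_idle(files)
    return {"effective": secs, "expects_600": secs == 600, "expects_900": secs == 900}

# Constructed sample configuration, not taken from a real host.
SAMPLE = [
    ("/etc/systemd/logind.conf", "[Login]\n#StopIdleSessionSec=infinity\n"),
    ("/etc/systemd/logind.conf.d/10-timeout.conf", "[Login]\nStopIdleSessionSec=10min\n"),
]

if __name__ == "__main__":
    print(compare(SAMPLE))
```

A host remediated to the 10-minute prose value satisfies the 600-second expectation and fails the 900-second one, which is the pass/fail split reported above.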