ferricoxide
commented
1 year ago New content will do:
# salt-call -c /opt/watchmaker/salt state.sls ash-linux.el8.STIGbyID.cat2.RHEL-08-020035
local:
----------
ID: script_RHEL-08-020035-describe
Function: cmd.script
Result: True
Comment: Command 'script_RHEL-08-020035-describe' run
Started: 12:33:36.414793
Duration: 64.28 ms
Changes:
----------
pid:
3956
retcode:
0
stderr:
stdout:
--------------------------------------
STIG Finding ID: V-257258
The OS must terminate idle user
sessions
--------------------------------------
----------
ID: Set logind idle-session termination timeout
Function: file.replace
Name: /etc/systemd/logind.conf
Result: True
Comment: Changes were made
Started: 12:33:36.481885
Duration: 9.314 ms
Changes:
----------
diff::
---
+++
@@ -35,4 +35,4 @@
#RemoveIPC=no
#InhibitorsMax=8192
#SessionsMax=8192
-#StopIdleSessionSec=infinity
+StopIdleSessionSec=900
----------
ID: service_RHEL-08-020035-/etc/systemd/logind.conf
Function: service.running
Name: systemd-logind
Result: True
Comment: Service restarted
Started: 12:38:31.768434
Duration: 2040.201 ms
Changes:
----------
systemd-logind:
True
Summary for local
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 2.088 s
Problem Description:
RHEL EL8 settings that should be applied with the execution of Salt State ash-linux.el8.STIGbyID.cat2.RHEL-08-020035 are not being applied properly
AMI: spel-minimal-rhel-8-hvm-2023.09.1.x86_64-gp2 Vul ID: V-257258
Expected Behavior:
StopIdleSessionSec variable in /etc/systemd/logind.conf should be set to value of '900'
Actual Behavior:
StopIdleSessionSec variable in /etc/systemd/logind.conf is set to 'infinity'
(Detailed) Steps to reproduce:
run command grep -i StopIdleSessionSec /etc/systemd/logind.conf view output
(Optional) Fix recommendation:
Change value of StopIdleSessionSec variable in /etc/systemd/logind.conf to '900'