Amazon Linux 2023 must terminate idle user sessions.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-274166 | SRG-OS-000163-GPOS-00072 | AZLX-23-002510 | SV-274166r1120486_rule | 2025-07-15 | 1 |
| Description |
|---|
| Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element. Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at Amazon Linux 2023 level, and de-allocating networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. This does not mean that Amazon Linux 2023 terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session. |
| ℹ️ Check |
|---|
| Verify Amazon Linux 2023 logs out sessions that are idle for 15 minutes with the following command: $ sudo grep -i ^StopIdleSessionSec /etc/systemd/logind.conf StopIdleSessionSec=900 If "StopIdleSessionSec" is not configured to "900" seconds, is commented out, or is missing, this is a finding. |
| ✔️ Fix |
|---|
| Configure Amazon Linux 2023 to log out idle sessions by editing the /etc/systemd/logind.conf file with the following line: StopIdleSessionSec=900 The "logind" service must be restarted for the changes to take effect. To restart the "logind" service, run the following command: $ sudo systemctl restart systemd-logind |