It seems to have been missed on the CS2 side. It's likely that it was refined internally at some point, but a subsequent version of the SSG content overwrote it. I'll make a note to get the fix handled this week - thanks for letting us know!
On Wed, May 14, 2014 at 5:06 PM, Shawn Wells <[email protected]> wrote: > > On 5/14/14, 4:37 PM, Trevor Vaughan wrote: > >> Ok, I realize that this went through a while ago but has anyone actually >> lived with this setting enabled? >> >> I've got a LOT of unhappy users that start to VI a file, walk away for a >> while (with their local screen locked) and come back to find their sessions >> dumped all over the floor. >> >> The default appears to be 5 minutes across the board which I find WAY too >> short since I might be looking at a man page in two windows for that amount >> of time or more. >> >> I would like to propose that the defaults be changed to something more >> sensible like 2, 4, or 8 hours. (Heck, meetings can go on for more than 2 >> hours sometimes) >> >> Thanks, >> > > The default value is 5 minutes: > >> <Value id="sshd_idle_timeout_value" type="number" >> operator="equals" interactive="0"> >> <title>SSH session Idle time</title> >> <description>Specify duration of allowed idle time.</description> >> <value selector="">300</value> >> <value selector="5_minutes">300</value> >> <value selector="10_minutes">600</value> >> <value selector="15_minutes">900</value> >> </Value> >> > > > STIG value is 15 minutes: > >> $ grep -rin sshd_idle_timeout_value profiles/ >> profiles/stig-rhel6-server-upstream.xml:114:<refine-value >> idref="sshd_idle_timeout_value" selector="15_minutes"/> >> profiles/rht-ccp.xml:9:<refine-value idref="sshd_idle_timeout_value" >> selector="5_minutes"/> >> profiles/common.xml:299:<refine-value idref="sshd_idle_timeout_value" >> selector="5_minutes"/> >> > > Interestingly, the CS2 profile doesn't refine the sshd_idle_timeout_value, > thus inheriting the 5 minute constraint.... > > /me eyeballs dave smith to see if this was an oversight in the CS2 profile > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide >
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
