content icon indicating copy to clipboard operation
content copied to clipboard
verified publisher icon ComplianceAsCode

RHEL 8/9 - Unexpected active sessions stop by systemd-logind

Open lsimmons1957 opened this issue 1 year ago • 0 comments

Description of problem:

Remediation for DISA-STIG-RHEL-08-020035 involves adding this setting to /etc/systemd/logind.conf: StopIdleSessionSec=900

Per Red Hat this, can cause GNOME sessions to fail. For example, if the RHEL screen saver activates, the GNOME session will eventually be terminated.

Red Hat support article: https://access.redhat.com/solutions/7059128

Recommendation: Omit remediation for DISA-STIG-RHEL-08-020035 until Red Hat fixes the kernel/logind issues described in the support article or warn users of SSG 1.72.

SCAP Security Guide Version:

1.72

Operating System Version:

RHEL 8, 9

Steps to Reproduce:

  1. Apply 1.72 Ansible to RHEL 8.8.
  2. Restart.
  3. Log into RHEL 8.8.
  4. Let system idle until a black screen appears
  5. Observe that session cannot be accessed.
  6. Workaround: Switch to a different console (Alt-F2) and log in. The GNOME session on the primary console will "wake up".

Actual Results:

GNOME session becomes inaccessible after lengthy idle time (20 minutes+)

Expected Results:

GNOME session remains available.

Additional Information/Debugging Steps:

lsimmons1957 avatar May 01 '24 01:05 lsimmons1957