{"description": "To enable console screen locking in the <tt>tmux</tt> terminal multiplexer,\nthe <tt>vlock</tt> command must be configured to be used as a locking\nmechanism.\nAdd the following line to <tt>/etc/tmux.conf</tt>:\n<pre>set -g lock-command vlock</pre>\nThe console can now be locked with the following key combination:\n<pre>ctrl+b :lock-session</pre>", "rationale": "The <tt>tmux</tt> package allows for a session lock to be implemented and configured.\nHowever, the session lock is implemented by an external command. The <tt>tmux</tt>\ndefault configuration does not contain an effective session lock.", "severity": "medium", "references": {"nist": ["AC-11(a)", "AC-11(b)", "CM-6(a)"], "ospp": ["FMT_SMF_EXT.1", "FMT_MOF_EXT.1", "FTA_SSL.1"], "srg": ["SRG-OS-000028-GPOS-00009", "SRG-OS-000030-GPOS-00011"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the \"lock-command\" is not set in the global settings to call \"vlock\"", "ocil": "Verify Ubuntu 22.04 enables the user to initiate a session lock with the following command:\n\n<pre>$ grep lock-command /etc/tmux.conf</pre>\n\n<pre>set -g lock-command vlock</pre>\n\nThen, verify that the /etc/tmux.conf file can be read by users other than root:\n\n<pre>$ sudo ls -al /etc/tmux.conf</pre>", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to allow a user to initiate a session lock by adding the following line to the file \"/etc/tmux.conf\":\n\n<pre>set -g lock-command vlock</pre>\n\nThen, ensure a correct mode of /etc/tmux.conf using this command:\n\n$ sudo chmod 0644 /etc/tmux.conf", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.", "vuldiscussion": "A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.\n\nThe session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, Ubuntu 22.04 must provide users with the ability to manually invoke a session lock so users can secure their session if it is necessary to temporarily vacate the immediate physical vicinity.\n\nThe \"tmux\" package allows for a session lock to be implemented and configured. However, the session lock is implemented by an external command. The \"tmux\" default configuration does not contain an effective session lock.", "checktext": "Verify Ubuntu 22.04 enables the user to initiate a session lock with the following command:\n\n$ grep lock-command /etc/tmux.conf\n\nset -g lock-command vlock\n\nIf the \"lock-command\" is not set in the global settings to call \"vlock\", this is a finding.", "fixtext": "Configure Ubuntu 22.04 to allow a user to initiate a session lock by adding the following line to the file \"/etc/tmux.conf\":\n\n set -g lock-command vlock"}}, "platform": "package[tmux]", "platforms": ["package[tmux]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_tmux"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Configure the tmux Lock Command", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml", "template": null}