Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-think how TMOUT is handled #23

Closed
2 tasks done
pyllyukko opened this issue Oct 29, 2017 · 5 comments
Closed
2 tasks done

Re-think how TMOUT is handled #23

pyllyukko opened this issue Oct 29, 2017 · 5 comments

Comments

@pyllyukko
Copy link
Owner

pyllyukko commented Oct 29, 2017
edited
Loading

Installing tmout.sh into /etc/profile.d is necessarily not enough. E.g. if sudo is invoked without -i, it doesn't apply.

  • autologout.csh
  • Variable for timeout value that should be used at least in sudoers, sudo_env, tmout.sh, autologout.csh & autolog.conf

Examples from different guides:

NSA RHEL guide

2.3.5.5 Implement Inactivity Time-out for Login Shells

/etc/profile.d/tmout.sh:

TMOUT=900
readonly TMOUT
export TMOUT

system-hardening-10.2.txt

/etc/profile:

# Logout if a root terminal is not being used
if [ `id -u` = "0" ]; then
    export TMOUT=1200
fi

CIS CentOS Linux 7 Benchmark v3.0.0

5.4.4 Ensure default user shell timeout is configured (Automated)

  • profile
  • /etc/bashrc
TMOUT=900
readonly TMOUT
export TMOUT

CIS Debian Linux 10 Benchmark v1.0.0

  • /etc/bash.bashrc
  • profile
@pyllyukko
Copy link
Owner Author

pyllyukko commented Dec 8, 2020
edited
Loading

We could add TMOUT to sudo_env.

@pyllyukko
Copy link
Owner Author

Value should be no more than 15 minutes.

@pyllyukko
Copy link
Owner Author

99a5e25

@pyllyukko
Copy link
Owner Author

Related issue: #72

@pyllyukko
Copy link
Owner Author

The timeout value should be a variable and used consistently across various configs.

pyllyukko added a commit that referenced this issue Dec 29, 2021
@pyllyukko
Timeout (tmout.sh etc.) improvements
1fa8adb 
* Relates to #23
* Now with a variable! \o/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pyllyukko