DCA Security FAQ‎ > ‎

How to Implement Inactivity Time-out for Login Shells

posted Oct 10, 2012, 7:13 AM by Sachchida Ojha   [ updated Oct 10, 2012, 7:13 AM ]
Configure login shells to automatically log users out after a period of inactivity. The following instructions are not practical for systems that run X Windows, as they will close terminal windows in the X environment. For information about how to automatically lock these systems, follow the Red Hat instructional documentation.
The following procedures set up a timeout of 15 seconds. You may adjust the duration appropriately based on your security policy requirements.

1.To implement a timeout for the bash shell, create a new file, tmout.sh under /etc/profile.d with the following content:
TMOUT=900
readonly TMOUT
export TMOUT

2.To implement a 15-minute idle timeout for the tcsh shell, create a new file, autologout.csh, under /etc/profile.d with the following content:
set -r autologout 15

Note that the automatic shell logout occurs only when the shell is the foreground process. For instance, if the session opens an editor, the session does not log out after the timeout period. For remote connections, such as ssh, the timeouts should be set up as part of the sshd configuration options.
Comments