Run the following script to verify that TMOUT is configured to: include a timeout of no more than 900 seconds, to be readonly, to be exported, and is not being changed to a longer timeout.
#!/bin/bashoutput1=""output2=""[-f/etc/bash.bashrc]&&BRC="/etc/bash.bashrc"forfin"$BRC"/etc/profile/etc/profile.d/*.sh;dogrep-Pq'^\s*([^#]+\s+)?TMOUT=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9])\b'"$f"&&grep-Pq'^\s*([^#]+;\s*)?readonly\s+TMOUT(\s+|\s*;|\s*$|=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9]))\b'"$f"&&grep-Pq'^\s*([^#]+;\s*)?export\s+TMOUT(\s+|\s*;|\s*$|=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9]))\b'"$f"&&output1="$f"donegrep-Pq'^\s*([^#]+\s+)?TMOUT=(9[0-9][1-9]|9[1-9][0-9]|0+|[1-9]\d{3,})\b'/etc/profile/etc/profile.d/*.sh"$BRC"&&output2=$(grep-Ps'^\s*([^#]+\s+)?TMOUT=(9[0-9][1-9]|9[1-9][0-9]|0+|[1-9]\d{3,})\b'/etc/profile/etc/profile.d/*.sh$BRC)if[-n"$output1"]&&[-z"$output2"];thenecho-e"\nPASSED\n\nTMOUT is configured in: \"$output1\"\n"else[-z"$output1"]&&echo-e"\nFAILED\n\nTMOUT is not configured\n"[-n"$output2"]&&echo-e"\nFAILED\n\nTMOUT is incorrectly configured in: \"$output2\"\n"fi
Review /etc/bash.bashrc, /etc/profile, and all files ending in *.sh in the /etc/profile.d/ directory and remove or edit all TMOUT=n entries to follow local site policy. TMOUT should not exceed 900 or be equal to 0.
Configure TMOUT in one of the following files:
A file in the /etc/profile.d/ directory ending in .sh