Run the following script to verify that TMOUT is configured to: include a timeout of no more than 900 seconds, to be readonly, to be exported, and is not being changed to a longer timeout.
#!/usr/bin/env bash{output1=""output2=""[-f/etc/bashrc]&&BRC="/etc/bashrc"forfin"$BRC"/etc/profile/etc/profile.d/*.sh;dogrep-Pq'^\s*([^#]+\s+)?TMOUT=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9])\b'"$f"&&grep-Pq'^\s*([^#]+;\s*)?readonly\s+TMOUT(\s+|\s*;|\s*$|=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9]))\b'"$f"&&grep-Pq'^\s*([^#]+;\s*)?export\s+TMOUT(\s+|\s*;|\s*$|=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9]))\b'"$f"&&output1="$f"donegrep-Pq'^\s*([^#]+\s+)?TMOUT=(9[0-9][1-9]|9[1-9][0-9]|0+|[1-9]\d{3,})\b'/etc/profile/etc/profile.d/*.sh"$BRC"&&output2=$(grep-Ps
'^\s*([^#]+\s+)?TMOUT=(9[0-9][1-9]|9[1-9][0-9]|0+|[1-9]\d{3,})\b'/etc/profile/etc/profile.d/*.sh$BRC)if[-n"$output1"]&&[-z"$output2"];thenecho-e"\nPASSED\n\nTMOUT is configured in: \"$output1\"\n"else[-z"$output1"]&&echo-e"\nFAILED\n\nTMOUT is not configured\n"[-n"$output2"]&&echo-e"\nFAILED\n\nTMOUT is incorrectly configured in: \"$output2\"\n"fi}
Review /etc/bash.bashrc, /etc/profile, and all files ending in .sh* in the /etc/profile.d/ directory and remove or edit all TMOUT=n entries to follow local site policy. TMOUT should not exceed 900 or be equal to 0.
Configure TMOUT in one** of the following files:
- A file in the /etc/profile.d/ directory ending in .sh
- /etc/profile
- /etc/bash.bashrc