Profile Applicability:
 • Level 1

Description:
 Configuring a shell timeout automatically logs out users after a period of inactivity. This reduces the risk of unauthorized access through unattended sessions.

Rationale:
 Setting a shell timeout helps protect the system by minimizing the window where an unattended session could be exploited.

Impact:
 Pros:

  • Enhances security by reducing idle session risks.

  • Supports compliance with security policies.

 Cons:

  • May inconvenience users if the timeout is too short.

Default Value:
 Shell timeouts are often not configured by default and must be set explicitly.

Pre-requisites:

  • Root or sudo privileges to modify shell environment settings.

Remediation:

Test Plan:

Using Linux command line:

  1. Check if shell timeout variables like TMOUT are set globally, for example:
    grep TMOUT /etc/profile /etc/bashrc /etc/bash.bashrc ~/.bashrc ~/.bash_profile
  2. Verify the timeout value is configured.
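
The check above can be scripted. The following is an added example, not part of the benchmark text: it extracts uncommented TMOUT assignments from startup files and passes only if at least one exists and every value is an integer between 1 and a ceiling, because bash applies the timeout only when TMOUT is greater than zero. The function names, the sample files and the use of 900 as the ceiling (the value set in the implementation step on this page) are assumptions made for illustration.

```sh
# Added example, not benchmark text. Function names and sample files are
# hypothetical; the 900-second ceiling is the value this page configures.

# tmout_values FILE...: print "file:value" for each uncommented TMOUT=<value>.
tmout_values() {
    for f in "$@"; do
        [ -r "$f" ] || continue              # skip files that do not exist
        awk '
            /^[ \t]*#/ { next }              # ignore comment lines
            {
                line = " " $0                # so a separator always precedes TMOUT
                if (match(line, /[ \t;]TMOUT=[^ \t;]*/)) {
                    v = substr(line, RSTART, RLENGTH)
                    sub(/^.*TMOUT=/, "", v)  # keep only the assigned value
                    gsub(/["\047]/, "", v)   # strip surrounding quotes
                    print FILENAME ":" v
                }
            }' "$f"
    done
}

# audit_tmout MAX FILE...: return 0 only if TMOUT is assigned somewhere and
# every value is an integer in 1..MAX (bash treats TMOUT=0 as "no timeout").
audit_tmout() {
    max=$1; shift
    hits=$(tmout_values "$@")
    [ -n "$hits" ] || { echo "FAIL: no TMOUT assignment found"; return 1; }
    rc=0
    while IFS= read -r hit; do
        val=${hit##*:}
        case $val in
            ''|*[!0-9]*) echo "FAIL: $hit is not a plain integer"; rc=1 ;;
            *)  if [ "$val" -ge 1 ] && [ "$val" -le "$max" ]; then
                    echo "PASS: $hit"
                else
                    echo "FAIL: $hit is outside 1..$max"; rc=1
                fi ;;
        esac
    done <<EOF
$hits
EOF
    return "$rc"
}

# Constructed sample input so the example runs offline.
demo=$(mktemp -d)
printf 'export TMOUT=900\n' > "$demo/profile"
printf '# TMOUT=600\nTMOUT=0\n' > "$demo/bashrc"
audit_tmout 900 "$demo/profile" "$demo/bashrc" || echo "Result: non-compliant"
rm -rf "$demo"
```

On a real host, pass the same files the grep command above inspects, for example: audit_tmout 900 /etc/profile /etc/bashrc /etc/bash.bashrc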

Implementation Plan:

Using Linux command line:

  1. Set the shell timeout by adding or updating TMOUT in a global shell configuration file (e.g., /etc/profile):
    echo "export TMOUT=900" >> /etc/profile
  2. Ask users to log in again or source the configuration file for the change to take effect.

Backout Plan:

Using Linux command line:

  1. Remove or comment out TMOUT settings if needed.

  2. Verify user sessions behave as expected.

References:

  • CIS Amazon Linux 2 Benchmark v3.0.0

  • Bash Manual - TMOUT