Puppet Class: cis_security_hardening::rules::timeout_setting
- Defined in:
- manifests/rules/timeout_setting.pp
Summary
Ensure default user shell timeout is configuredOverview
The default TMOUT determines the shell timeout for users. The TMOUT value is measured in seconds.
Rationale: Having no timeout value associated with a shell could allow an unauthorized user access to another user’s shell session (e.g. user walks away from their computer and doesn’t lock the screen). Setting a timeout value at least reduces the risk of this happening.
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
# File 'manifests/rules/timeout_setting.pp', line 24
class cis_security_hardening::rules::timeout_setting (
Boolean $enforce = false,
Integer $default_timeout = 900,
) {
if $enforce {
file { '/etc/profile.d/shell_timeout.sh':
ensure => file,
content => epp('cis_security_hardening/rules/common/shell_timeout.epp', {
default_timeout => $default_timeout,
os => $facts['os']['name'].downcase(),
}),
owner => 'root',
group => 'root',
mode => '0644',
}
if $facts['os']['name'].downcase() == 'debian' {
file { '/etc/profile':
ensure => file,
content => epp('cis_security_hardening/rules/common/profile.debian.epp', {
default_timeout => $default_timeout,
}),
owner => 'root',
group => 'root',
mode => '0644',
}
file { '/etc/bash.bashrc':
ensure => file,
content => epp('cis_security_hardening/rules/common/bash.bashrc.debian.epp', {
default_timeout => $default_timeout,
}),
owner => 'root',
group => 'root',
mode => '0644',
}
}
}
}
|