Information
TMOUT and TIMEOUT are environmental setting that activate the timeout of a shell. The value is in seconds.
TMOUT=n - Sets the shell timeout to n seconds. A setting of TMOUT=0, or unset TMOUT disables the automatic session timeout.
readonly TMOUT- Both export and lock TMOUT environmental variable to it's present value, preventing unwanted modification during run-time.
Rationale:
All systems are vulnerable if terminals are left logged in and unattended. The most serious problem occurs when a system manager leaves a terminal unattended that has been enabled with root authority. In general, users should log out anytime they leave their terminals.
You can force a terminal to log out after a period of inactivity by setting the TMOUT and TIMEOUT parameters in the /etc/profile file. The TMOUT parameter works in the ksh (Korn) shell, and the TIMEOUT parameter works in the bsh (Bourne) shell.
Impact:
This recommendation is set at Level 2 (using readonly).
The recommendation - at Level 1, would use export instead.
Solution
Review /etc/profile to verify that TMOUT is configured to:
include a timeout of no more than 900 seconds
to be readonly
verify readonly statement is the last statement
/usr/bin/egrep -n -e 'TMOUT|TIMEOUT' /etc/profile
This should return something similar to:
40:# TMOUT=120
41:TMOUT=900
42:TIMEOUT=900
43:readonly TMOUT TIMEOUT
If either setting is missing, and/or the readonly statement, add these to /etc/profile.
Default Value:
TMOUT=0