Re-think how TMOUT is handled

[pyllyukko]

Installing tmout.sh into /etc/profile.d is necessarily not enough. E.g. if sudo is invoked without -i, it doesn't apply.

• [x] autologout.csh
• [x] Variable for timeout value that should be used at least in sudoers, sudo_env, tmout.sh, autologout.csh & autolog.conf

Examples from different guides:

NSA RHEL guide

2.3.5.5 Implement Inactivity Time-out for Login Shells

/etc/profile.d/tmout.sh:

TMOUT=900
readonly TMOUT
export TMOUT

system-hardening-10.2.txt

/etc/profile:

# Logout if a root terminal is not being used
if [ `id -u` = "0" ]; then
    export TMOUT=1200
fi

CIS CentOS Linux 7 Benchmark v3.0.0

5.4.4 Ensure default user shell timeout is configured (Automated)

• profile
• /etc/bashrc

TMOUT=900
readonly TMOUT
export TMOUT

CIS Debian Linux 10 Benchmark v1.0.0

• /etc/bash.bashrc
• profile

[pyllyukko]

We could add TMOUT to sudo_env.

[pyllyukko]

Value should be no more than 15 minutes.

[pyllyukko]

99a5e25f4a6d0e04574d45cda908c0ccc9f9404c

[pyllyukko]

Related issue: #72

[pyllyukko]

The timeout value should be a variable and used consistently across various configs.