new feautre tmout in a new pr (#516)

Signed-off-by: Ludwig Bayerlein <[email protected]>

Co-authored-by: Ludwig Bayerlein <[email protected]>

Author: lbayerlein

roles/os_hardening/README.md

@@ -250,6 +250,9 @@ We know that this is the case on Raspberry Pi.
 - `os_profile_enabled`
   - Default: `true`
   - Description: Set to false to disable installing and configuring profile.
+- `os_security_auto_logout`
+  - Default: `0`
+  - Description: Set timeout in seconds for logout users automatically after time. Setting this to `0` disables the timeout.
 - `os_securetty_enabled`
   - Default: `true`
   - Description: Set to false to disable installing and configuring securetty.

roles/os_hardening/defaults/main.yml

@@ -364,6 +364,9 @@ os_profile_enabled: true
 # Set to false to disable installing and configuring securetty.
 os_securetty_enabled: true
 
+# Set timeout in seconds for logout users automatically after time. Setting this to `0` disables the timeout.
+os_security_auto_logout: 0
+
 # Set to false to disable installing and configuring sysctl.
 os_sysctl_enabled: true
 

roles/os_hardening/tasks/profile.yml

@@ -13,3 +13,11 @@
     path: /etc/profile.d/pinerolo_profile.sh
     state: absent
   when: os_security_kernel_enable_core_dump | bool
+
+- name: Add autologout to profile env
+  template:
+    src: 'etc/profile.d/tmout.sh.j2'
+    dest: '/etc/profile.d/tmout.sh'
+    owner: 'root'
+    group: 'root'
+    mode: '0750'

roles/os_hardening/templates/etc/profile.d/tmout.sh.j2

@@ -0,0 +1,3 @@
+# Logout Timeout
+export TMOUT={{ os_security_auto_logout }}
+readonly TMOUT