Enable automatic logoff to prevent
an intruder from compromising the security of the system.
Another valid security concern
results from users leaving their accounts unattended for a lengthy period of
time. This situation allows an intruder to take control of the user's terminal,
potentially compromising the security of the system.
To prevent this type of potential
security hazard, you can enable automatic logoff on the system. To do this,
edit the /etc/security/.profile file to include an automatic logoff value for all
users, as in the following example:
TMOUT=600;
TIMEOUT=600; export TMOUT TIMEOUT; readonly TMOUT TIMEOUT
The number 600, in this example, is
in seconds, which is equal to 10 minutes. However, this method will only work
from the shell.
While the previous action allows you
to enforce an automatic logoff policy for all users, system users can bypass
some restrictions by editing their individual .profile files. To completely
implement an automatic logoff policy, take authoritative action by providing
users with appropriate .profile files, preventing write-access rights to these
files.
Không có nhận xét nào:
Đăng nhận xét