Various security standards require the computer screen to be locked or logged off after a period of inactivity. This article will show you how to use Centrify to enforce an automatic log out from the Linux CLI after a period of inactivity.

Requirements:

• The Linux system must have the Centrify Agent installed and bound to Active Directory.
• You will need Group Policy Management on a Windows member server with the Centrify Infrastructure Services installed.

1. In Group Policy Management, edit or create a GPO for your Linux system.

2. Enable Computer Configuration > Policies > Centrify Settings > Common UNIX Settings > Specify commands to run 

2. Click Add.

3. Enter a custom command, then click OK.

For CentOS use:

grep -q -F TMOUT=900 /etc/bashrc || echo TMOUT=900 >> /etc/bashrc

For Ubuntu use:

grep -q -F TMOUT=900 /etc/bash.bashrc || echo TMOUT=900 >> /etc/bash.bashrc

Change the numbers in the command to your desired number in seconds. (For example, 900 = 15 minutes.) Please note the operating system might round up or down to the closest supported minute. 

4. Reboot the Linux system for the setting to apply.

The Centrify Agent will execute the script at every Active Directory group policy interval (default 90 minutes). 

 Please share if you have a better script or method.

Other related articles

• Enforce screen lock for Linux GUI
• Enforcing screen lock for MacOS