3 files changed, 33 insertions, 0 deletions

diff --git a/salt/profile/seccheck/files/etc/security/autologout.conf b/salt/profile/seccheck/files/etc/security/autologout.conf
new file mode 100644
index 0000000..e910a29
--- /dev/null
+++ b/salt/profile/seccheck/files/etc/security/autologout.conf
@@ -0,0 +1,9 @@
+{%- set header = salt['pillar.get']('managed_header_pound') -%}
+{{ header }}
+TTY_TIMEOUT=60
+DEFAULT_DELAY=60
+KILL_WAIT=20
+
+LOGOUTCONF=(
+"ssh idle:720 delay:30"
+)
diff --git a/salt/profile/seccheck/files/etc/sysconfig/seccheck b/salt/profile/seccheck/files/etc/sysconfig/seccheck
new file mode 100644
index 0000000..86eb9af
--- /dev/null
+++ b/salt/profile/seccheck/files/etc/sysconfig/seccheck
@@ -0,0 +1,4 @@
+{%- set header = salt['pillar.get']('managed_header_pound') -%}
+{{ header }}
+SECCHK_USER="root"
+START_SECCHK="yes"
diff --git a/salt/profile/seccheck/init.sls b/salt/profile/seccheck/init.sls
new file mode 100644
index 0000000..eed0c57
--- /dev/null
+++ b/salt/profile/seccheck/init.sls
@@ -0,0 +1,20 @@
+seccheck_packages:
+  pkg.installed:
+    - pkgs:
+      - seccheck
+
+seccheck_files:
+  file.managed:
+    - user: root
+    - mode: '0644'
+    - template: jinja
+    - names:
+      - /etc/sysconfig/seccheck:
+        - source: salt:///{{ slspath }}/files/etc/sysconfig/seccheck
+      - /etc/security/autologout.conf:
+        - source: salt:///{{ slspath }}/files/etc/security/autologout.conf
+
+seccheck_service:
+  service.running:
+    - name: seccheck-autologout.timer
+    - enable: True