Merge "CIS 5.4.4, 5.4.5"

linux/system/shell.sls

+{%- from "linux/map.jinja" import system with context %}
+{%- if system.enabled %}
+  {%- if system.shell is defined %}
+
+    {%- if system.shell.umask is defined %}
+etc_bash_bashrc_umask:
+  file.blockreplace:
+    - name: /etc/bash.bashrc
+    - marker_start: "# BEGIN CIS 5.4.4 default user umask"
+    - marker_end: "# END CIS 5.4.4 default user umask"
+    - content: "umask {{ system.shell.umask }}"
+    - append_if_not_found: True
+    - onlyif: test -f /etc/bash.bashrc
+
+etc_profile_umask:
+  file.blockreplace:
+    - name: /etc/profile
+    - marker_start: "# BEGIN CIS 5.4.4 default user umask"
+    - marker_end: "# END CIS 5.4.4 default user umask"
+    - content: "umask {{ system.shell.umask }}"
+    - append_if_not_found: True
+    - onlyif: test -f /etc/profile
+    {%- endif %}
+
+    {%- if system.shell.timeout is defined %}
+etc_bash_bashrc_timeout:
+  file.blockreplace:
+    - name: /etc/bash.bashrc
+    - marker_start: "# BEGIN CIS 5.4.5 default user shell timeout"
+    - marker_end: "# END CIS 5.4.5 default user shell timeout"
+    - content: "TMOUT={{ system.shell.timeout }}"
+    - append_if_not_found: True
+    - onlyif: test -f /etc/bash.bashrc
+
+etc_profile_timeout:
+  file.blockreplace:
+    - name: /etc/profile
+    - marker_start: "# BEGIN CIS 5.4.5 default user shell timeout"
+    - marker_end: "# END CIS 5.4.5 default user shell timeout"
+    - content: "TMOUT={{ system.shell.timeout }}"
+    - append_if_not_found: True
+    - onlyif: test -f /etc/profile
+    {%- endif %}
+  {%- endif %}
+{%- endif %}

tests/pillar/system.sls

     login_defs:
       PASS_MAX_DAYS:
         value: 99
+    shell:
+      umask: '027'
+      timeout: 900
     profile:
       vi_flavors.sh: |
         export PAGER=view