From eb3d5f4bd1f15419f105b7f543493c28ccf6b2bd Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Wed, 14 Apr 2021 16:37:51 +0200
Subject: [PATCH 1/4] update tests to test also for files in /etc/profile.d
directory
---
.../{comment.fail.sh => comment_profile.fail.sh} | 2 ++
.../accounts_tmout/tests/comment_profile_d.fail.sh | 11 +++++++++++
...ct_value.pass.sh => correct_value_profile.pass.sh} | 2 ++
.../tests/correct_value_profile_d.pass.sh | 11 +++++++++++
.../accounts_tmout/tests/line_not_there.fail.sh | 1 +
.../{multiline.fail.sh => multiline_profile.fail.sh} | 2 ++
.../accounts_tmout/tests/multiline_profile_d.fail.sh | 11 +++++++++++
.../accounts_tmout/tests/multiline_profile_d.pass.sh | 9 +++++++++
...liance.pass.sh => supercompliance_profile.pass.sh} | 2 ++
.../tests/supercompliance_profile_d.pass.sh | 11 +++++++++++
...rong_value.fail.sh => wrong_value_profile.fail.sh} | 2 ++
.../tests/wrong_value_profile_d.fail.sh | 11 +++++++++++
12 files changed, 75 insertions(+)
rename linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/{comment.fail.sh => comment_profile.fail.sh} (80%)
create mode 100644 linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment_profile_d.fail.sh
rename linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/{correct_value.pass.sh => correct_value_profile.pass.sh} (80%)
create mode 100644 linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_d.pass.sh
rename linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/{multiline.fail.sh => multiline_profile.fail.sh} (84%)
create mode 100644 linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile_d.fail.sh
create mode 100644 linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile_d.pass.sh
rename linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/{supercompliance.pass.sh => supercompliance_profile.pass.sh} (80%)
create mode 100644 linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile_d.pass.sh
rename linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/{wrong_value.fail.sh => wrong_value_profile.fail.sh} (80%)
create mode 100644 linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_profile_d.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment_profile.fail.sh
similarity index 80%
rename from linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment.fail.sh
rename to linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment_profile.fail.sh
index ef123cd177e..91f258d5a9d 100644
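--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment_profile.fail.sh
@@ -2,6 +2,8 @@
 
 # variables = var_accounts_tmout=600
 
+sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh
+
 if grep -q "^TMOUT" /etc/profile; then
 sed -i "s/^TMOUT.*/# TMOUT=600/" /etc/profile
 else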
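Review bot: The added `sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh` relies on the glob matching at least one file; when /etc/profile.d holds no *.sh script, bash passes the literal pattern and sed reports an error for a path that does not exist. `find /etc/profile.d -name '*.sh' -exec sed -i '/TMOUT/d' {} +` does the same cleanup without that dependency. The same line is added in correct_value_profile.pass.sh, multiline_profile.fail.sh, supercompliance_profile.pass.sh and wrong_value_profile.fail.sh, and with `^TMOUT` in line_not_there.fail.sh. A comment above it, such as `# clear TMOUT from profile.d so that only /etc/profile decides the result`, would state why the cleanup is there. The script continues past the `else` that ends this hunk.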
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment_profile_d.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment_profile_d.fail.sh
new file mode 100644
index 00000000000..0d7d5135586
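--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/comment_profile_d.fail.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# variables = var_accounts_tmout=600
+
+sed -i "/.*TMOUT.*/d" /etc/profile
+
+if grep -q "^TMOUT" /etc/profile.d/tmout.sh; then
+ sed -i "s/^TMOUT.*/# TMOUT=600/" /etc/profile.d/tmout.sh
+else
+ echo "# TMOUT=600" >> /etc/profile.d/tmout.sh
+fi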
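Review bot: This scenario clears TMOUT from /etc/profile but not from the other scripts in /etc/profile.d, so a TMOUT line carried by another *.sh file there is still present when the rule is evaluated and could change the outcome; how the check combines several files is not visible in this patch. Extending the cleanup to `sed -i "/.*TMOUT.*/d" /etc/profile /etc/profile.d/*.sh` would make tmout.sh the only source of the value; after that the `grep` branch can no longer match, which is harmless because the `else` branch writes the line. The same applies to correct_value_profile_d.pass.sh, multiline_profile_d.fail.sh, supercompliance_profile_d.pass.sh and wrong_value_profile_d.fail.sh.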
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile.pass.sh
similarity index 80%
rename from linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value.pass.sh
rename to linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile.pass.sh
index 0d1b360dbdc..725ec381200 100644
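--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile.pass.sh
@@ -2,6 +2,8 @@
 
 # variables = var_accounts_tmout=700
 
+sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh
+
 if grep -q "TMOUT" /etc/profile; then
 sed -i "s/.*TMOUT.*/TMOUT=700/" /etc/profile
 else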
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_d.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_d.pass.sh
new file mode 100644
index 00000000000..1cd8d26c357
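--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_d.pass.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# variables = var_accounts_tmout=700
+
+sed -i "/.*TMOUT.*/d" /etc/profile
+
+if grep -q "TMOUT" /etc/profile.d/tmout.sh; then
+ sed -i "s/.*TMOUT.*/TMOUT=700/" /etc/profile.d/tmout.sh
+else
+ echo "TMOUT=700" >> /etc/profile.d/tmout.sh
+fi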
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/line_not_there.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/line_not_there.fail.sh
index af62eb12d51..4c36c1a842c 100644
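--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/line_not_there.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/line_not_there.fail.sh
@@ -1,3 +1,4 @@
 #!/bin/bash
 
 sed -i "/^TMOUT.*/d" /etc/profile
+sed -i "/^TMOUT.*/d" /etc/profile.d/*.sh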
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile.fail.sh
similarity index 84%
rename from linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline.fail.sh
rename to linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile.fail.sh
index 12aee2fe43a..fdf62efe723 100644
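--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile.fail.sh
@@ -2,6 +2,8 @@
 
 # variables = var_accounts_tmout=700
 
+sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh
+
 if grep -q "TMOUT" /etc/profile; then
 sed -i "s/.*TMOUT.*/TMOUT=900; readonly TMOUT; export TMOUT/" /etc/profile
 else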
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile_d.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile_d.fail.sh
new file mode 100644
index 00000000000..25e77d33ae5
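--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile_d.fail.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# variables = var_accounts_tmout=900
+
+sed -i "/.*TMOUT.*/d" /etc/profile
+
+if grep -q "TMOUT" /etc/profile.d/tmout.sh; then
+ sed -i "s/.*TMOUT.*/TMOUT=950; readonly TMOUT; export TMOUT/" /etc/profile.d/tmout.sh
+else
+ echo "TMOUT=950; readonly TMOUT; export TMOUT" >> /etc/profile.d/tmout.sh
+fi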
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile_d.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile_d.pass.sh
new file mode 100644
index 00000000000..5b3f169a469
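--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/multiline_profile_d.pass.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# variables = var_accounts_tmout=700
+
+if grep -q "TMOUT" /etc/profile.d/tmout.sh; then
+ sed -i "s/.*TMOUT.*/TMOUT=700; readonly TMOUT; export TMOUT/" /etc/profile.d/tmout.sh
+else
+ echo "TMOUT=700; readonly TMOUT; export TMOUT" >> /etc/profile.d/tmout.sh
+fi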
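Review bot: Unlike the other *_profile_d scenarios in this patch, this script never removes TMOUT from /etc/profile, so its pass result depends on whatever /etc/profile already contains on the test system. Adding `sed -i "/.*TMOUT.*/d" /etc/profile` after the `# variables` line, as the sibling scripts do, keeps the scenario independent of the image it runs on.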
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile.pass.sh
similarity index 80%
rename from linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance.pass.sh
rename to linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile.pass.sh
index 50f97e14c91..9927bf7b5da 100644
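--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile.pass.sh
@@ -2,6 +2,8 @@
 
 # variables = var_accounts_tmout=900
 
+sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh
+
 if grep -q "TMOUT" /etc/profile; then
 sed -i "s/.*TMOUT.*/TMOUT=800/" /etc/profile
 else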
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile_d.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile_d.pass.sh
new file mode 100644
index 00000000000..6316152a56b
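--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile_d.pass.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# variables = var_accounts_tmout=900
+
+sed -i "/.*TMOUT.*/d" /etc/profile
+
+if grep -q "TMOUT" /etc/profile.d/tmout.sh; then
+ sed -i "s/.*TMOUT.*/TMOUT=800/" /etc/profile.d/tmout.sh
+else
+ echo "TMOUT=800" >> /etc/profile.d/tmout.sh
+fi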
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_profile.fail.sh
similarity index 80%
rename from linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value.fail.sh
rename to linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_profile.fail.sh
index a19002a4041..88b4ed6583f 100644
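--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_profile.fail.sh
@@ -2,6 +2,8 @@
 
 # variables = var_accounts_tmout=200
 
+sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh
+
 if grep -q "^TMOUT" /etc/profile; then
 sed -i "s/^TMOUT.*/TMOUT=250/" /etc/profile
 else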
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_profile_d.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_profile_d.fail.sh
new file mode 100644
index 00000000000..1c98456e55e
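--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_profile_d.fail.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# variables = var_accounts_tmout=900
+
+sed -i "/.*TMOUT.*/d" /etc/profile
+
+if grep -q "^TMOUT" /etc/profile.d/tmout.sh; then
+ sed -i "s/^TMOUT.*/TMOUT=950/" /etc/profile.d/tmout.sh
+else
+ echo "TMOUT=950" >> /etc/profile.d/tmout.sh
+fi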
From 1bf99a57e35d6a41413bc6152313cb71e62c6e79 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 15 Apr 2021 15:38:46 +0200
Subject: [PATCH 2/4] update rule description
---
.../system/accounts/accounts-session/accounts_tmout/rule.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index 844ef8b1ddf..98306fc5266 100644
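--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -7,7 +7,8 @@
 description: |-
 Setting the <tt>TMOUT</tt> option in <tt>/etc/profile</tt> ensures that
 all user sessions will terminate based on inactivity. The <tt>TMOUT</tt>
- setting in <tt>/etc/profile</tt> should read as follows:
+ setting in a file loaded by <tt>/etc/profile</tt>, e.g.
+ <tt>/etc/profile.d/tmout.sh</tt> should read as follows:
 TMOUT={{{ xccdf_value("var_accounts_tmout") }}}
 
 rationale: |-
@@ -45,6 +46,6 @@
 ocil: |-
 Run the following command to ensure the <tt>TMOUT</tt> value is configured for all users
 on the system:
- $ sudo grep TMOUT /etc/profile
+ $ sudo grep TMOUT /etc/profile /etc/profile.d/*.sh
 The output should return the following:
 TMOUT={{{ xccdf_value("var_accounts_tmout") }}}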
From 37a7d0f665f5718b5979e955eaa47c83cff09f0e Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 15 Apr 2021 15:39:04 +0200
Subject: [PATCH 3/4] update bash remediation
---
.../accounts_tmout/bash/shared.sh | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh
index ba01c7eca30..490617332a8 100644
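--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh
@@ -2,9 +2,17 @@
 . /usr/share/scap-security-guide/remediation_functions
 {{{ bash_instantiate_variables("var_accounts_tmout") }}}
 
-if grep --silent '^\s*TMOUT' /etc/profile ; then
- sed -i -E "s/^(\s*)TMOUT\s*=\s*(\w|\$)*(.*)$/\1TMOUT=$var_accounts_tmout\3/g" /etc/profile
-else
- echo -e "\n# Set TMOUT to $var_accounts_tmout per security requirements" >> /etc/profile
- echo "TMOUT=$var_accounts_tmout" >> /etc/profile
+# if 0, no occurence of tmout found, if 1, occurence found
+tmout_found=0
+
+for f in /etc/profile /etc/profile.d/*.sh; do
+ if grep --silent '^\s*TMOUT' $f; then
+ sed -i -E "s/^(\s*)TMOUT\s*=\s*(\w|\$)*(.*)$/\1TMOUT=$var_accounts_tmout\3/g" $f
+ $tmout_found=1
+ fi
+done
+
+if [ $tmout_found -eq 0 ]; then
+ echo -e "\n# Set TMOUT to $var_accounts_tmout per security requirements" >> /etc/profile.d/tmout.sh
+ echo "TMOUT=$var_accounts_tmout" >> /etc/profile.d/tmout.sh
 fi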
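Review bot: `$tmout_found=1` inside the loop is not an assignment: bash expands it to `0=1` and tries to run that as a command, so the flag stays 0 and the final `if` appends another TMOUT line to /etc/profile.d/tmout.sh even when an existing setting was just rewritten. The line should read `tmout_found=1`. `$f` is also unquoted in the `grep` and `sed` calls, and when no /etc/profile.d/*.sh exists the loop runs once with the literal pattern; `[ -f "$f" ] || continue` as the first statement of the loop and `"$f"` in both commands cover that. With the flag fixed, repeated runs of the remediation no longer stack duplicate TMOUT assignments in tmout.sh.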
From 29ff79f15efda649581fa74296329bbd3f5b4d9d Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 15 Apr 2021 15:39:23 +0200
Subject: [PATCH 4/4] update ansible remediation
---
.../accounts/accounts-session/accounts_tmout/ansible/shared.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
index 2c3049006da..f37ac94873c 100644
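--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
@@ -5,4 +5,4 @@
 # disruption = low
 {{{ ansible_instantiate_variables("var_accounts_tmout") }}}
 
-{{{ ansible_etc_profile_set(parameter='TMOUT', value='{{ var_accounts_tmout }}') }}}
+{{{ ansible_set_config_file(file='/etc/profile.d/tmout.sh', parameter='TMOUT', separator='=', separator_regex='=', value='{{ var_accounts_tmout }}', create='yes') }}}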
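Review bot: The new `ansible_set_config_file` call manages only /etc/profile.d/tmout.sh, while the Bash remediation in this series rewrites TMOUT in /etc/profile and in every /etc/profile.d/*.sh; a non-compliant `TMOUT=` line left in /etc/profile (the state the wrong_value_profile.fail.sh scenario sets up) is therefore not corrected by the Ansible path. Whether the rule then passes depends on how the check weighs several files, which this patch does not show. Either add a task that rewrites existing TMOUT assignments in those files before this call, or record the limitation with a comment such as `# existing TMOUT lines in /etc/profile and other profile.d scripts are left unchanged`.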