File tree Expand file tree Collapse file tree 4 files changed +41
-4
lines changed
linux_os/guide/system/accounts/accounts-session/accounts_tmout Expand file tree Collapse file tree 4 files changed +41
-4
lines changed Original file line number Diff line number Diff line change 44 {{% set system_configuration_using_etc_bashrc_expected = true %}}
55{{%- endif -%}}
66<def-group >
7- <definition class =" compliance" id =" accounts_tmout" version =" 3 "
7+ <definition class =" compliance" id =" accounts_tmout" version =" 4 "
88 {{{ oval_metadata("Checks interactive shell timeout", rule_title=rule_title) }}}
99 <criteria operator =" AND"
1010 {{% if "ubuntu" in product %}}
1616 {{% if system_configuration_using_etc_bashrc_expected %}}
1717 <criterion comment =" TMOUT value in /etc/bashrc < = var_accounts_tmout" test_ref =" test_etc_bashrc_tmout"
1818 {{% endif %}}
19+ <criterion comment =" All configured TMOUT values must be >= 1" test_ref =" test_accounts_tmout_lower_bound"
1920 </criteria >
2021 </definition >
2122
106107 <ind : subexpression datatype =" int" operation =" less than or equal" var_check =" all" var_ref =" var_accounts_tmout"
107108 </ind : textfilecontent54_state >
108109
110+ <ind : textfilecontent54_state id =" state_etc_profile_tmout_lower_bound" version =" 1"
111+ <ind : subexpression datatype =" int" operation =" greater than or equal" ind : subexpression >
112+ </ind : textfilecontent54_state >
113+
114+ <ind : textfilecontent54_test check =" all" check_existence =" any_exist" comment =" All TMOUT values must be greater than or equal to 1" id =" test_accounts_tmout_lower_bound" version =" 1"
115+ <ind : object object_ref =" object_accounts_tmout_all_tmout_instances"
116+ <ind : state state_ref =" state_etc_profile_tmout_lower_bound"
117+ </ind : textfilecontent54_test >
118+
109119 <external_variable comment =" external variable for TMOUT" datatype =" int" id =" var_accounts_tmout" version =" 1"
110120</def-group >
Original file line number Diff line number Diff line change @@ -5,8 +5,9 @@ title: 'Set Interactive Session Timeout'
55
66description : |-
77 Setting the <tt>TMOUT</tt> option in <tt>/etc/profile</tt> ensures that
8- all user sessions will terminate based on inactivity.
9- The value of TMOUT should be exported and read only.
8+ all user sessions will terminate based on inactivity. A value of <tt>0</tt> (zero)
9+ disables the automatic logout feature and is therefore not a compliant setting.
10+ The value of TMOUT should be a positive integer, exported, and read only.
1011 The <tt>TMOUT</tt>
1112 {{% if product in ["sle12", "sle15", "slmicro5"] %}}
1213 setting in <tt>/etc/profile.d/autologout.sh</tt> should read as follows:
@@ -65,7 +66,7 @@ references:
6566 stigid@sle15 : SLES-15-010130
6667 stigid@ubuntu2204 : UBTU-22-412030
6768
68- ocil_clause : ' value of TMOUT is not less than or equal to expected setting'
69+ ocil_clause : ' the TMOUT value is not configured, is set to 0, or is not less than or equal to the expected setting'
6970
7071ocil : |-
7172 Run the following command to ensure the <tt>TMOUT</tt> value is configured for all users
Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+
3+ # variables = var_accounts_tmout=900
4+
5+ sed -i " /.*TMOUT.*/d" * .sh
6+
7+ if grep -q " TMOUT=" ; then
8+ sed -i " s/.*TMOUT=.*/TMOUT=0/"
9+ else
10+ echo " TMOUT=0" >> /etc/profile
11+ fi
Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+
3+ # variables = var_accounts_tmout=900
4+
5+ TEST_FILE=/etc/profile.d/tmout.sh
6+
7+ sed -i " /.*TMOUT.*/d"
8+
9+ test -f $TEST_FILE || touch $TEST_FILE
10+
11+ if grep -q " TMOUT=" $TEST_FILE ; then
12+ sed -i " s/.*TMOUT=.*/TMOUT=0/" $TEST_FILE
13+ else
14+ echo " TMOUT=0" >> $TEST_FILE
15+ fi
You can’t perform that action at this time.
0 commit comments