tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-29 08:44:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Check timeout sessions and if they are readonly

Browse Source
This commit is contained in:
mboelen 2015-03-17 17:58:58 +01:00
parent 332277b7e1
commit 8201510d6a
1 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
include/tests_shells
View File

@ -119,7 +119,10 @@
fi
if [ -f /etc/profile ]; then
FIND=`cat /etc/profile | grep '\(export[ \t]*\)\?TMOUT\( \)\?=\( \)\?' | tr -d ' ' | tr -d '\t' | grep -v "^#" | sed 's/export//' | sed 's/#.*//' | awk -F= '{ print $2 }'`
# Determine if we can find a TMOUT value
FIND=`cat /etc/profile | grep 'TMOUT=' | tr -d ' ' | tr -d '\t' | grep -v "^#" | sed 's/export//' | sed 's/#.*//' | awk -F= '{ print $2 }'`
# Determine if the value is exported (with export, readonly, or typeset)
FIND2=`cat /etc/profile | grep '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | grep -v "^#" | sed 's/#.*//' | awk '{ print $1 }'`
if [ ! "${FIND}" = "" ]; then
N=0; IDLE_TIMEOUT=1
for I in ${FIND}; do
@ -136,6 +139,25 @@
else
logtext "Result: could not find TMOUT setting in /etc/profile"
fi
if [ ! "${FIND2}" = "" ]; then
N=0;
for I in ${FIND2}; do
logtext "Output: ${I}"
if [ "${I}" = "readonly" -o "${I}" = "typeset" ]; then
N=`expr ${N} + 1`
fi
done
if [ ${N} -gt 0 ]; then
logtext "Result: found readonly setting in /etc/profile (readonly or typeset -r)"
report "session_timeout_set_readonly=1"
else
logtext "Result: NO readonly setting found in /etc/profile (readonly or typeset -r)"
report "session_timeout_set_readonly=0"
fi
else
logtext "Result: could not find export, readonly or typeset -r in /etc/profile"
fi
else
logtext "Result: skip /etc/profile test, file not available on this system"
fi
@ -143,7 +165,11 @@
if [ -d /etc/profile.d ]; then
FIND=`ls /etc/profile.d/*.sh 2> /dev/null`
if [ ! "${FIND}" = "" ]; then
FIND=`cat /etc/profile.d/*.sh 2> /dev/null | grep '\(export[ \t]*\)\?TMOUT=' | tr -d ' ' | tr -d '\t' | grep -v "^#" | sed 's/export//' | sed 's/#.*//' | awk -F= '{ print $2 }'`
# Determine if we can find a TMOUT value
FIND=`cat /etc/profile.d/*.sh 2> /dev/null | grep 'TMOUT=' | tr -d ' ' | tr -d '\t' | grep -v "^#" | sed 's/export//' | sed 's/#.*//' | awk -F= '{ print $2 }'`
# Determine if the value is exported (with export, readonly, or typeset)
FIND2=`cat /etc/profile.d/*.sh 2> /dev/null | grep '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | grep -v "^#" | sed 's/#.*//' | awk '{ print $1 }'`
if [ ! "${FIND}" = "" ]; then
N=0; IDLE_TIMEOUT=1
for I in ${FIND}; do
@ -160,6 +186,25 @@
else
logtext "Result: could not find TMOUT setting in /etc/profile.d/*.sh"
fi
# Check for readonly
if [ ! "${FIND2}" = "" ]; then
N=0;
for I in ${FIND2}; do
logtext "Output: ${I}"
if [ "${I}" = "readonly" -o "${I}" = "typeset" ]; then
N=`expr ${N} + 1`
fi
done
if [ ${N} -gt 0 ]; then
logtext "Result: found readonly setting in /etc/profile (readonly or typeset -r)"
report "session_timeout_set_readonly=1"
else
logtext "Result: NO readonly setting found in /etc/profile (readonly or typeset -r)"
report "session_timeout_set_readonly=0"
fi
else
logtext "Result: could not find export, readonly or typeset -r in /etc/profile"
fi
fi
else
logtext "Result: skip /etc/profile.d directory test, directory not available on this system"