diff --git a/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh b/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
index 7b13bd63829e4e42e0482beaf73c7ba2334ee788..c516a5cc64b7cd6678b47e1277082a670ad15fc8 100644
--- a/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
+++ b/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
@@ -1 +1,12 @@
-grep -Psq "^readonly TMOUT=900 ; export TMOUT" /etc/profile || echo "readonly TMOUT=900 ; export TMOUT" >> /etc/profile
+[ -f /etc/bashrc ] && BRC="/etc/bashrc"
+for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
+ val_TMOUT=$(grep -vP "^#.*" $f | grep -Pio "TMOUT=[0-9]+" | tail -1 | cut -d"=" -f 2)
+ [[ -n $val_TMOUT ]] && ex_TMOUT=true
+ if [[ -n $val_TMOUT ]] && [[ $val_TMOUT == 0 || $val_TMOUT -gt 900 ]] ; then
+ sed -ri s/"TMOUT=[0-9]+"/"TMOUT=900"/ $f
+ else
+ :
+ fi
+done
+
+[[ $ex_TMOUT != "true" ]] && echo "readonly TMOUT=900 ; export TMOUT" >> /etc/profile
diff --git a/remediation-kits/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh b/remediation-kits/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
index 1f96cdda116d78e8bd1dd85782310a181597fa5b..88495314632965d7863d05110f2e19176ed3fa50 100644
--- a/remediation-kits/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
+++ b/remediation-kits/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
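Review bot: On a host without /etc/bashrc (Debian and Ubuntu ship /etc/bash.bashrc instead) `BRC` is never set, so the first iteration runs `grep -vP "^#.*" $f` with an empty, unquoted `$f`; grep then reads stdin instead of a file, which can block the kit when stdin is a terminal or an open pipe, and a later `sed -ri … $f` would run with no input file at all. Build the list as `for f in ${BRC:+"$BRC"} /etc/profile /etc/profile.d/*.sh ; do`, add `[[ -f $f ]] || continue` as the first statement of the loop, and quote `"$f"` in both the grep and the sed. Separately, when an existing `TMOUT=3600` is rewritten to 900 by the sed the variable is still neither readonly nor exported, so a user can `unset TMOUT` in their own rc file; only the `echo … >> /etc/profile` path, taken when no value exists anywhere, writes the enforced form that the removed one-liner always wrote.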
@@ -1 +1,12 @@
-grep -Piq "TMOUT=[0-9]+" /etc/profile || echo "readonly TMOUT=1800 ; export TMOUT" >> /etc/profile
\ No newline at end of file
+[ -f /etc/bashrc ] && BRC="/etc/bashrc"
+for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
+ val_TMOUT=$(grep -vP "^#.*" $f | grep -Pio "TMOUT=[0-9]+" | tail -1 | cut -d"=" -f 2)
+ [[ -n $val_TMOUT ]] && ex_TMOUT=true
+ if [[ -n $val_TMOUT ]] && [[ $val_TMOUT -lt 600 || $val_TMOUT -gt 1800 ]] ; then
+ sed -ri s/"TMOUT=[0-9]+"/"TMOUT=900"/ $f
+ else
+ :
+ fi
+done
+
+[[ $ex_TMOUT != "true" ]] && echo "readonly TMOUT=900 ; export TMOUT" >> /etc/profile
\ No newline at end of file
diff --git a/scanners/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh b/scanners/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
index a4a0e54c60637e9578843347fd08d1212d44f91b..189d2501cfe3520243e7929b55ea5bdc66298db8 100644
--- a/scanners/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
+++ b/scanners/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
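Review bot: Detection and fix disagree on case: `grep -Pio "TMOUT=[0-9]+"` matches case-insensitively and without anchoring, while `sed -ri s/"TMOUT=[0-9]+"/"TMOUT=900"/ $f` is case-sensitive, so a line such as `mytmout=5` in any /etc/profile.d/*.sh sets `ex_TMOUT=true`, the sed rewrites nothing, no `readonly TMOUT=900 ; export TMOUT` is appended, and the kit never converges however often it is re-run. Drop `-i` and anchor the extraction to a real assignment, e.g. `val_TMOUT=$(grep -Po '^\s*(readonly\s+|export\s+)?TMOUT=\K[0-9]+' "$f" | tail -1)`, which also removes the need for the `grep -vP "^#.*"` pre-filter and the `cut`; the quoted `"$f"` additionally stops grep from reading stdin when `BRC` is unset because /etc/bashrc does not exist. The `else :` arms do nothing and can be deleted.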
@@ -1,16 +1,18 @@
-#!/usr/bin/env bash
-CDTOS()
-{
- output1="" output2=""
- [ -f /etc/bashrc ] && BRC="/etc/bashrc"
- for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
- grep -Pq '^\s*([^#]+\s+)?TMOUT=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9])\b' "$f" && grep -Pq '^\s*([^#]+;\s*)?readonly\s+TMOUT(\s+|\s*;|\s*$|=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9]))\b' "$f" && grep -Pq '^\s*([^#]+;\s*)?export\s+TMOUT(\s+|\s*;|\s*$|=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9]))\b' "$f" && output1="$f"
- done
- grep -Pq '^\s*([^#]+\s+)?TMOUT=(9[0-9][1-9]|9[1-9][0-9]|0+|[1-9]\d{3,})\b' /etc/profile /etc/profile.d/*.sh "$BRC" && output2=$(grep -Ps '^\s*([^#]+\s+)?TMOUT=(9[0-9][1-9]|9[1-9][0-9]|0+|[1-9]\d{3,})\b' /etc/profile /etc/profile.d/*.sh $BRC)
- if [ -n "$output1" ] && [ -z "$output2" ]; then
+result=true
+
+[ -f /etc/bashrc ] && BRC="/etc/bashrc"
+for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
+ val_TMOUT=$(grep -vP "^#.*" $f | grep -Pio "TMOUT=[0-9]+" | tail -1 | cut -d"=" -f 2)
+ [[ -n $val_TMOUT ]] && ex_TMOUT=true
+ if [[ -n $val_TMOUT ]] && [[ $val_TMOUT == 0 || $val_TMOUT -gt 900 ]] ; then
+ result=false
+ else
+ :
+ fi
+done
+
+if [[ $ex_TMOUT == true && $result == true ]]; then
 echo "pass"
- else
+else
 echo "fail"
- fi
-}
-CDTOS
\ No newline at end of file
+fi
\ No newline at end of file
diff --git a/scanners/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh b/scanners/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
index 4044f896d5d19e5ba698d239672a8e20ba04b27c..fce7aade7230f33130b0f4cf70d121ce15650f98 100644
--- a/scanners/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
+++ b/scanners/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
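Review bot: The rewrite weakens the control: the removed loop required `readonly TMOUT` and `export TMOUT` next to a 1–900 value, whereas the new loop passes on a bare `TMOUT=900` that any user can `unset` or raise in ~/.bashrc, which is exactly what the readonly requirement exists to prevent. Two smaller defects sit in the same loop: `$val_TMOUT == 0` is a string comparison, so `TMOUT=00` (timeout disabled) is accepted, and the `#!/usr/bin/env bash` line was dropped while `[[ … ]]` is still used, so the scanner breaks when invoked as `sh`. The sketch below keeps the shebang, skips an absent /etc/bashrc instead of letting grep read stdin through the empty unquoted `$f`, extracts the value case-sensitively and anchored so commented or unrelated `tmout=` text is ignored, and restores the readonly/export checks.
```shell
#!/usr/bin/env bash
result=true

[ -f /etc/bashrc ] && BRC="/etc/bashrc"
for f in ${BRC:+"$BRC"} /etc/profile /etc/profile.d/*.sh ; do
  [[ -f $f ]] || continue
  # last uncommented TMOUT assignment in this file (case-sensitive: shell variables are)
  val_TMOUT=$(grep -Po '^\s*(readonly\s+|export\s+)?TMOUT=\K[0-9]+' "$f" | tail -1)
  [[ -n $val_TMOUT ]] || continue
  ex_TMOUT=true
  # value must be 1..900 and the variable must be readonly and exported,
  # otherwise a user can unset or raise it from their own rc file
  if [[ $val_TMOUT -eq 0 || $val_TMOUT -gt 900 ]] \
     || ! grep -Pq '^\s*readonly\s+TMOUT\b' "$f" \
     || ! grep -Pq '(^|;)\s*export\s+TMOUT\b' "$f" ; then
    result=false
  fi
done
# … unchanged: pass/fail output …
```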
@@ -1,11 +1,17 @@
-result=false
-val_TMOUT=99999
-val_TMOUT=`grep -Pio "TMOUT=[0-9]+" /etc/profile | cut -d"=" -f 2`
-val_TMOUT_Count=`grep -Pio "TMOUT=[0-9]+" /etc/profile | wc -l`
+result=true
 
-[[ $val_TMOUT_Count -eq 1 ]] && [[ $val_TMOUT -ge 600 ]] && [[ $val_TMOUT -le 1800 ]] && result=true
+[ -f /etc/bashrc ] && BRC="/etc/bashrc"
+for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
+ val_TMOUT=$(grep -vP "^#.*" $f | grep -Pio "TMOUT=[0-9]+" | tail -1 | cut -d"=" -f 2)
+ [[ -n $val_TMOUT ]] && ex_TMOUT=true
+ if [[ -n $val_TMOUT ]] && [[ $val_TMOUT -lt 600 || $val_TMOUT -gt 1800 ]] ; then
+ result=false
+ else
+ :
+ fi
+done
 
-if [ "$result" = true ]; then
+if [[ $ex_TMOUT == true && $result == true ]]; then
 echo "pass"
 else
 echo "fail"
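Review bot: The comment filter `grep -vP "^#.*"` only drops lines whose `#` is in column 0, and the extraction that follows is unanchored and case-insensitive, so an indented `  # TMOUT=5` example, a trailing `export TMOUT  # was TMOUT=9999`, or an unrelated `mytmout=5` becomes the value `tail -1` reports and turns a correctly configured host into a fail. One anchored, case-sensitive extraction handles all three: `val_TMOUT=$(grep -Po '^\s*(readonly\s+|export\s+)?TMOUT=\K[0-9]+' "$f" | tail -1)`. Quoting `"$f"` there also matters because `BRC` stays unset on systems without /etc/bashrc, and an empty unquoted `$f` makes grep read stdin rather than a file, which can stall a scanner run from an orchestrator with stdin attached. The closing `fi` of the pass/fail block lies outside the hunk.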