From 338d61653949aadc63db6d5ab8c5891a07ff40a2 Mon Sep 17 00:00:00 2001
From: Yuqing Yang
Date: Fri, 17 Nov 2023 15:56:56 +0800
Subject: [PATCH] Fixed conflicts in 1.37 1.46.optimized remediation-kit and scanner script logic.
Signed-off-by: Yuqing Yang
---
 ...er-shell-timeout-is-900-seconds-or-less.sh | 13 +++++++-
 ...timeout-is-between-600-and-1800-seconds.sh | 13 +++++++-
 ...er-shell-timeout-is-900-seconds-or-less.sh | 30 ++++++++++---------
 ...timeout-is-between-600-and-1800-seconds.sh | 18 +++++++----
 4 files changed, 52 insertions(+), 22 deletions(-)
diff --git a/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh b/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
index 7b13bd6..c516a5c 100644
--- a/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
+++ b/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
@@ -1 +1,12 @@
-grep -Psq "^readonly TMOUT=900 ; export TMOUT" /etc/profile || echo "readonly TMOUT=900 ; export TMOUT" >> /etc/profile
+[ -f /etc/bashrc ] && BRC="/etc/bashrc"
+for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
+ val_TMOUT=$(grep -vP "^#.*" $f | grep -Pio "TMOUT=[0-9]+" | tail -1 | cut -d"=" -f 2)
+ [[ -n $val_TMOUT ]] && ex_TMOUT=true
+ if [[ -n $val_TMOUT ]] && [[ $val_TMOUT == 0 || $val_TMOUT -gt 900 ]] ; then
+ sed -ri s/"TMOUT=[0-9]+"/"TMOUT=900"/ $f
+ else
+ :
+ fi
+done
+
+[[ $ex_TMOUT != "true" ]] && echo "readonly TMOUT=900 ; export TMOUT" >> /etc/profile
diff --git a/remediation-kits/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh b/remediation-kits/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
index 1f96cdd..8849531 100644
--- a/remediation-kits/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
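Review bot: When /etc/bashrc is absent, `BRC` stays unset and the loop's first iteration runs `grep -vP "^#.*" $f` with an empty, unquoted `$f`, so grep reads stdin instead of a file and the later `sed -ri … $f` fails with no input file; an unmatched `/etc/profile.d/*.sh` glob likewise passes the literal pattern to grep as a filename. Add `[[ -f "$f" ]] || continue` as the first line of the loop body and quote `"$f"` in both the grep and the sed call. Detection is case-insensitive (`grep -Pio`) but the `sed` rewrite is not, so a lowercase `tmout=3600` is flagged yet left unchanged, and `$val_TMOUT == 0` is a string compare that lets `TMOUT=00` through while a leading zero such as `TMOUT=0900` makes `-gt` fail on an invalid octal literal; compare numerically in base 10 and give sed the `I` flag. The same loop is repeated in the 1.46 remediation hunk and in both scanner hunks. Nothing here makes an existing TMOUT line `readonly` or exported, so a value that a user can simply reassign is left as is by the remediation.
```shell
for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
  [[ -f "$f" ]] || continue
  val_TMOUT=$(grep -vP "^#.*" "$f" | grep -Pio "TMOUT=[0-9]+" | tail -1 | cut -d"=" -f 2)
  [[ -n $val_TMOUT ]] && ex_TMOUT=true
  if [[ -n $val_TMOUT ]] && (( 10#$val_TMOUT == 0 || 10#$val_TMOUT > 900 )); then
    sed -ri 's/TMOUT=[0-9]+/TMOUT=900/I' "$f"
  fi
done
# … unchanged: append the default line to /etc/profile when no TMOUT was found …
```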
+++ b/remediation-kits/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
@@ -1 +1,12 @@
-grep -Piq "TMOUT=[0-9]+" /etc/profile || echo "readonly TMOUT=1800 ; export TMOUT" >> /etc/profile
\ No newline at end of file
+[ -f /etc/bashrc ] && BRC="/etc/bashrc"
+for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
+ val_TMOUT=$(grep -vP "^#.*" $f | grep -Pio "TMOUT=[0-9]+" | tail -1 | cut -d"=" -f 2)
+ [[ -n $val_TMOUT ]] && ex_TMOUT=true
+ if [[ -n $val_TMOUT ]] && [[ $val_TMOUT -lt 600 || $val_TMOUT -gt 1800 ]] ; then
+ sed -ri s/"TMOUT=[0-9]+"/"TMOUT=900"/ $f
+ else
+ :
+ fi
+done
+
+[[ $ex_TMOUT != "true" ]] && echo "readonly TMOUT=900 ; export TMOUT" >> /etc/profile
\ No newline at end of file
diff --git a/scanners/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh b/scanners/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
index a4a0e54..189d250 100644
--- a/scanners/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
+++ b/scanners/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
@@ -1,16 +1,18 @@
-#!/usr/bin/env bash
-CDTOS()
-{
- output1="" output2=""
- [ -f /etc/bashrc ] && BRC="/etc/bashrc"
- for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
- grep -Pq '^\s*([^#]+\s+)?TMOUT=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9])\b' "$f" && grep -Pq '^\s*([^#]+;\s*)?readonly\s+TMOUT(\s+|\s*;|\s*$|=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9]))\b' "$f" && grep -Pq '^\s*([^#]+;\s*)?export\s+TMOUT(\s+|\s*;|\s*$|=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9]))\b' "$f" && output1="$f"
- done
- grep -Pq '^\s*([^#]+\s+)?TMOUT=(9[0-9][1-9]|9[1-9][0-9]|0+|[1-9]\d{3,})\b' /etc/profile /etc/profile.d/*.sh "$BRC" && output2=$(grep -Ps '^\s*([^#]+\s+)?TMOUT=(9[0-9][1-9]|9[1-9][0-9]|0+|[1-9]\d{3,})\b' /etc/profile /etc/profile.d/*.sh $BRC)
- if [ -n "$output1" ] && [ -z "$output2" ]; then
+result=true
+
+[ -f /etc/bashrc ] && BRC="/etc/bashrc"
+for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
+ val_TMOUT=$(grep -vP "^#.*" $f | grep -Pio "TMOUT=[0-9]+" | tail -1 | cut -d"=" -f 2)
+ [[ -n $val_TMOUT ]] && ex_TMOUT=true
+ if [[ -n $val_TMOUT ]] && [[ $val_TMOUT == 0 || $val_TMOUT -gt 900 ]] ; then
+ result=false
+ else
+ :
+ fi
+done
+
+if [[ $ex_TMOUT == true && $result == true ]]; then
 echo "pass"
- else
+else
 echo "fail"
- fi
-}
-CDTOS
\ No newline at end of file
+fi
\ No newline at end of file
diff --git a/scanners/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh b/scanners/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
index 4044f89..fce7aad 100644
--- a/scanners/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
+++ b/scanners/access-and-control/1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh
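Review bot: The rewritten scanner reports pass for any bare `TMOUT=<n>` assignment in range, whereas the removed regexes also required `readonly TMOUT` and `export TMOUT` in the same file; a TMOUT that is neither readonly nor exported can be reset or unset by the user, so configurations the previous check rejected now pass. Restore that requirement, for example by also setting `result=false` when the file that defines TMOUT fails `grep -Pq '(^|;)\s*readonly\s+TMOUT\b' "$f"` or `grep -Pq '(^|;)\s*export\s+TMOUT\b' "$f"` (the one-line `readonly TMOUT=900 ; export TMOUT` form the remediation writes should still match). The hunk also drops the `#!/usr/bin/env bash` line while keeping `[[ … ]]`, so the scanner breaks if it is invoked through `sh`. As in the remediation hunks, an absent /etc/bashrc leaves `$f` empty on the first iteration and `grep … $f` then reads stdin, which can stall a non-interactive scan; `[[ -f "$f" ]] || continue` at the top of the loop body avoids that. The 1.46 scanner hunk below has the same readonly/export regression and the same stdin issue.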
@@ -1,11 +1,17 @@
-result=false
-val_TMOUT=99999
-val_TMOUT=`grep -Pio "TMOUT=[0-9]+" /etc/profile | cut -d"=" -f 2`
-val_TMOUT_Count=`grep -Pio "TMOUT=[0-9]+" /etc/profile | wc -l`
+result=true
 
-[[ $val_TMOUT_Count -eq 1 ]] && [[ $val_TMOUT -ge 600 ]] && [[ $val_TMOUT -le 1800 ]] && result=true
+[ -f /etc/bashrc ] && BRC="/etc/bashrc"
+for f in "$BRC" /etc/profile /etc/profile.d/*.sh ; do
+ val_TMOUT=$(grep -vP "^#.*" $f | grep -Pio "TMOUT=[0-9]+" | tail -1 | cut -d"=" -f 2)
+ [[ -n $val_TMOUT ]] && ex_TMOUT=true
+ if [[ -n $val_TMOUT ]] && [[ $val_TMOUT -lt 600 || $val_TMOUT -gt 1800 ]] ; then
+ result=false
+ else
+ :
+ fi
+done
 
-if [ "$result" = true ]; then
+if [[ $ex_TMOUT == true && $result == true ]]; then
 echo "pass"
 else
 echo "fail"
-- 
Gitee