ovh/debian-cis

5.4.5_default_timeout misses TMOUT detection

sblaisot opened this issue · 0 comments

5.4.5_default_timeout checks for TMOUT= at the beginning of the line only (the pattern searched is ^TMOUT=), but the CIS benchmark recommends using `readonly TMOUT=900; export TMOUT`, so the pattern is not at the beginning of the line and subsequently the check fails.

This check should not enforce TMOUT= being at the beginning of the line, or should at least allow an optional readonly or export keyword before the variable assignment.

Debug run:

```
bin/hardening/5.4.5_default_timeout.sh --audit-all pouet
5.4.5_default_timeout     [DBG ] Audit all specified, setting status to audit regardless of configuration
5.4.5_default_timeout     [DBG ] Unknown option passed
5.4.5_default_timeout     [INFO] Working on 5.4.5_default_timeout
5.4.5_default_timeout     [INFO] [DESCRIPTION] Timeout 600 seconds on tty.
5.4.5_default_timeout     [INFO] Checking Configuration
5.4.5_default_timeout     [INFO] Performing audit
5.4.5_default_timeout     [DBG ] Checking if ^TMOUT= is present in /etc/bash.bashrc
5.4.5_default_timeout     [DBG ]  grep -q -E -- '^TMOUT=' /etc/bash.bashrc
5.4.5_default_timeout     [DBG ] Pattern NOT found in /etc/bash.bashrc
5.4.5_default_timeout     [DBG ] TMOUT= is not present in /etc/bash.bashrc
5.4.5_default_timeout     [DBG ] /etc/profile.d is a directory
5.4.5_default_timeout     [DBG ] Checking if ^TMOUT= is present in /etc/profile.d/bash_autologout.sh
5.4.5_default_timeout     [DBG ]  grep -q -E -- '^TMOUT=' /etc/profile.d/bash_autologout.sh
5.4.5_default_timeout     [DBG ] Pattern NOT found in /etc/profile.d/bash_autologout.sh
```

Note: It should have been found in this file ^

```
5.4.5_default_timeout     [DBG ] TMOUT= is not present in /etc/profile.d//etc/profile.d/bash_autologout.sh
5.4.5_default_timeout     [DBG ] Checking if ^TMOUT= is present in /etc/profile.d/bash_completion.sh
5.4.5_default_timeout     [DBG ]  grep -q -E -- '^TMOUT=' /etc/profile.d/bash_completion.sh
5.4.5_default_timeout     [DBG ] Pattern NOT found in /etc/profile.d/bash_completion.sh
5.4.5_default_timeout     [DBG ] TMOUT= is not present in /etc/profile.d//etc/profile.d/bash_completion.sh
5.4.5_default_timeout     [DBG ] Checking if ^TMOUT= is present in /etc/profile
5.4.5_default_timeout     [DBG ]  grep -q -E -- '^TMOUT=' /etc/profile
5.4.5_default_timeout     [DBG ] Pattern NOT found in /etc/profile
5.4.5_default_timeout     [DBG ] TMOUT= is not present in /etc/profile
5.4.5_default_timeout     [ KO ] TMOUT= is not present in /etc/bash.bashrc /etc/profile.d /etc/profile
5.4.5_default_timeout     [ KO ] Check Failed
```
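The mismatch reported above can be reproduced offline with the added example below, which is not part of the original issue or of the debian-cis code. `RELAXED_PATTERN`, the helper functions and the sample files are assumptions constructed for illustration; only `^TMOUT=` comes from the debug log.

```shell
#!/bin/sh
# Added example: compare the audit's anchored pattern with a relaxed one.
# All sample files are constructed; RELAXED_PATTERN is an assumption,
# not the project's actual fix.

STRICT_PATTERN='^TMOUT='   # pattern shown in the debug log
# Optional leading whitespace, any run of readonly/export keywords,
# then an assignment with a numeric value.
RELAXED_PATTERN='^[[:space:]]*((readonly|export)[[:space:]]+)*TMOUT=[0-9]+'

# Return 0 if file $2 contains a line matching extended regex $1.
has_tmout() {
    grep -q -E -- "$1" "$2"
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '%s\n' 'TMOUT=600' > "$1/plain.sh"
    printf '%s\n' 'readonly TMOUT=900; export TMOUT' > "$1/cis.sh"
    printf '%s\n' '    export TMOUT=900' > "$1/indented.sh"
    # A commented-out setting must not satisfy the audit.
    printf '%s\n' '# readonly TMOUT=900; export TMOUT' > "$1/commented.sh"
    # Exporting the name without assigning a value sets no timeout.
    printf '%s\n' 'export TMOUT' > "$1/no_value.sh"
}

# Print one line per sample file in $1 with the verdict of each pattern.
report() {
    for f in "$1"/*.sh; do
        s=no
        r=no
        if has_tmout "$STRICT_PATTERN" "$f"; then s=yes; fi
        if has_tmout "$RELAXED_PATTERN" "$f"; then r=yes; fi
        printf '%-14s strict=%s relaxed=%s\n' "$(basename "$f")" "$s" "$r"
    done
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
make_samples "$SAMPLES"
report "$SAMPLES"
```

The relaxed pattern only confirms that an assignment is present; it does not check that the value meets the required timeout.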