Closed djhaynes closed 4 years ago
@djhaynes Technically, this should be modified to only pick up the last instance of TMOUT and should also hook in /etc/profile.
Now this gets hairy because:
/etc/bashrc or /etc/profile
TMOUT value can be changed by the user unless readonly TMOUT is set after setting TMOUT (which makes the current check a 'feel good' check instead of something useful).
TMOUT and then stop processing at either readonly TMOUT or the last instance of TMOUT found.
Not sure if you just want to merge this in or go ahead and fix these items while you're poking around.
Also, could you update the title of this PR to reflect the changes?
@trevor-vaughan the parse_config_file returns the last TMOUT value found in a particular file by default. Is that what you are referring to?
@djhaynes Not exactly. What we need is the last TMOUT found in all config files processed.
For instance:
/etc/profile.d/00_foo => TMOUT=500
/etc/profile.d/ZZ_bar => TMOUT=10
Result: TMOUT=10
Unless 00_foo has:
TMOUT=500
readonly TMOUT
@trevor-vaughan Is it fair to assume that TMOUT is set only once per file?
So we are checking multiple things:
read-only is set or not
active and passive testing
final value and if it is immutable or not
are the things we should be testing right?
Am I missing anything here?
I took another pass at this control. It now operates as follows:
Check the TMOUT environment variable (active test) - pass/fail the control based on if the value is <= system_activity_timeout
Loop through all files (passive test)
  If TMOUT isn't found in a file - skip it and continue processing other files
  If TMOUT is found - loop through all occurrences of TMOUT in the file
    If it is a commented out line - skip it
    If it contains 'readonly TMOUT = <value>' - get the value and end processing of files
    If it contains 'readonly TMOUT' - get the latest TMOUT value from the current file. Otherwise, use the last value from the previous file and end processing of files
    Readonly is not set - make the current value the latest value seen
If latest value is nil - fail the control for TMOUT not being configured
If latest value is not nil - pass/fail the control based on if the value is <= system_activity_timeout
Fixed a bug in 72223 where it was reporting a value of nil when the configuration setting was not set in a file. The code now reports that the configuration setting is not configured in the specific file.
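
The precedence rules discussed in this thread (the last TMOUT across all files wins, unless readonly locks an earlier value), as an added Ruby example that is not the profile's code. The function names, the handling of `export` and `;`-separated statements, and the sample file contents are assumptions constructed for illustration.

```ruby
# Added example, not the profile's own code. Sample file contents are constructed.
ASSIGN  = /\A(?:export\s+)?TMOUT=["']?(\d+)["']?\z/
RO_SET  = /\Areadonly\s+TMOUT=["']?(\d+)["']?\z/
RO_BARE = /\Areadonly\s+TMOUT\z/

# Split file content into shell statements, dropping comments and blank lines.
def statements(content)
  content.each_line
         .flat_map { |l| l.sub(/#.*/, '').split(';') }
         .map(&:strip)
         .reject(&:empty?)
end

# files: array of [path, content] pairs in the order the shell sources them.
# Returns { value: Integer or nil, readonly: true/false, source: path or nil }.
def effective_tmout(files)
  state = { value: nil, readonly: false, source: nil }
  files.each do |path, content|
    statements(content).each do |stmt|
      if (m = RO_SET.match(stmt))      # readonly TMOUT=<value>: set and lock
        return state.merge(value: m[1].to_i, readonly: true, source: path)
      elsif RO_BARE.match?(stmt)       # readonly TMOUT: lock the value seen so far
        return state.merge(readonly: true)
      elsif (m = ASSIGN.match(stmt))   # plain assignment: a later one overrides
        state = state.merge(value: m[1].to_i, source: path)
      end
    end
  end
  state
end

# Pass only when a positive value within the limit is in effect.
def tmout_ok?(state, limit)
  !state[:value].nil? && state[:value].positive? && state[:value] <= limit
end

# Constructed inputs mirroring the 00_foo / ZZ_bar case from the thread.
UNLOCKED = [['/etc/profile.d/00_foo', "TMOUT=500\n"],
            ['/etc/profile.d/ZZ_bar', "TMOUT=10\n"]].freeze
LOCKED   = [['/etc/profile.d/00_foo', "TMOUT=500\nreadonly TMOUT\n"],
            ['/etc/profile.d/ZZ_bar', "TMOUT=10\n"]].freeze

if __FILE__ == $PROGRAM_NAME
  p effective_tmout(UNLOCKED)
  p effective_tmout(LOCKED)
end
```

The `readonly` flag in the result is what separates an enforced timeout from one a user can override in their own session.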