DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 13th June 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default Root Account Timeout

Dear All,

I'm tried to setup root account timeout by edited .profile
TMOUT=60

but this does not causes the root account been logout after inactive for 2 minutes.

Is this features is applicable to OpenBSD?

Please enlighten on this.
Reply With Quote
  #2   (View Single Post)  
Old 13th June 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,910
Default

This environment variable is documented in the ksh(1) man page, and, this works for me when I export this as an environment variable. I'll guess that you failed to export the variable, so it remained local to .profile and was not exported to the environment.

From ksh(1):
Code:
     Parameters with the export attribute (set using the export or typeset -x
     commands, or by parameter assignments followed by simple commands) are
     put in the environment (see environ(7)) of commands run by the shell as
     name=value pairs.
Reply With Quote
  #3   (View Single Post)  
Old 13th June 2015
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 896
Default

Quote:
Originally Posted by Peter_APIIT View Post
TMOUT=60

but this does not causes the root account been logout after inactive for 2 minutes.
Also, the TMOUT value is in seconds, so 60 would be 1 minute, not 2.
Reply With Quote
  #4   (View Single Post)  
Old 18th June 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

I'm know that TMOUT is in seconds.

Questions:
I'm think I had mess up with the .profile file.
When I'm issue this command export TMOUT=60 > .profile. The default content of file gone and display blank afterwards. What wrong with it ?

Both .profile file under /home/user and under / root directory also gives the same problem.
Besides that, export pkg_path does not add to the .profile file as well.

How to restore it or is this a normal situation?

Thanks for the help.
Reply With Quote
  #5   (View Single Post)  
Old 18th June 2015
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 214
Default

To append (add to) a file use >>, not > which overwrites (creates) it.

Edit: echo "export TMOUT=60" >> .profile
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #6   (View Single Post)  
Old 20th June 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

Quote:
Originally Posted by bsd-keith View Post
To append (add to) a file use >>, not > which overwrites (creates) it.

Edit: echo "export TMOUT=60" >> .profile
How to restore back those files to original content? Thanks.
Reply With Quote
  #7   (View Single Post)  
Old 20th June 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,910
Default

From backup. If you do not have a backup, you can extract the original files manually from the base57.tgz fileset, using tar(1).
Reply With Quote
  #8   (View Single Post)  
Old 23rd June 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

Where to find the base57.tgz file?

Can anyone copy the file content of .profile to here?
I could not find the .profile file under base57.tgz

Thanks. I'll working on it later.

Last edited by Peter_APIIT; 23rd June 2015 at 11:44 AM. Reason: Add question
Reply With Quote
  #9   (View Single Post)  
Old 23rd June 2015
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 214
Default

You will find it on your install media, or online such as, for example,
ftp://mirror.ox.ac.uk/pub/OpenBSD/5.7/i386/
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
Old 24th June 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

Can anyone copy the file content of .profile to here?
Reply With Quote
Old 24th June 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,910
Default

Click here.
Reply With Quote
Old 24th June 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,910
Default A teaching moment for filesets and backups

Filesets

When you use tar(1) to scan the base57.tgz fileset for "profile", you don't find the /root/.profile. Here's an example with the i386 fileset, which only shows a Perl support file:
Code:
$ tar tzf base57.tgz | grep profile
./usr/libdata/perl5/site_perl/i386-openbsd/i386/profile.ph
$
This is because the etc*.tgz fileset is no longer shipped separately. It is, instead, included within the base* fileset:
Code:
$tar tzf base57.tgz | grep etc.tgz
./usr/share/sysmerge/etc.tgz
$
If we extract the fileset within, we can then search it.
Code:
$ tar xzf base57.tgz ./usr/share/sysmerge/etc.tgz
$ tar tzf usr/share/sysmerge/etc.tgz | grep profile
./.profile
./etc/skel/.profile
./root/.profile
$
Because of this layered fileset approach, new with 5.7, you will find a copy of the etc.tgz internal fileset already stored in your system, within /usr/sysmerge.

Backups

Peter,

This project file is available in many different ways, including the CVS source repositories, which is what I provided in the link earlier today.

But what if this file had been yours, and not a Project file?

You need to determine an appropriate backup strategy, develop it, test it, and implement it. Had this file been your data, it would be have been lost.

Last edited by jggimi; 24th June 2015 at 12:39 PM. Reason: typo in one of the example commands
Reply With Quote
Old 25th June 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

Quote:
Originally Posted by jggimi View Post
Click here.

In short, I'm just need to copy the whole content of this file into my .profile because I'm suspect some of the content is not exists in my default .profile. Right.

My .profile was in default content. Therefore, no worry about the content. I'll develop the backup strategy later.

Thanks jggmi.
Reply With Quote
Old 26th June 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

Problem solved. Thanks.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
uw-imap connection timeout andrewm OpenBSD Packages and Ports 4 22nd October 2009 11:03 AM
/bsd: ral0: device timeout revzalot OpenBSD General 3 22nd July 2008 10:15 PM
Error 504 gateway timeout bsdbsd FreeBSD General 0 15th June 2008 01:06 PM
sshd and timeout Sunsawe FreeBSD Security 6 29th May 2008 12:54 PM


All times are GMT. The time now is 01:23 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick