Difference between revisions of "shell inactivity timout"

From cpwiki.net
Jump to: navigation, search
Check Point Profressional Services
m (view the current idle timeout)
 
(7 intermediate revisions by one user not shown)
Line 1: Line 1:
shell timeout for ssh session is controlled by an environment variable called TMOUT.  it is a ridiculously annoyingly low 180 seconds / 3 minutes by default for many check point platforms.   
+
Gaia and SPLAT shell/ssh timout values
 +
 
 +
 
 +
==newer Gaia versions==
 +
 
 +
In Clish:
 +
 
 +
===view the current idle timeout===
 +
 
 +
For Gaia Web Portal session:
 +
 
 +
        HostName> '''show web session-timeout'''
 +
 
 +
For Clish session:
 +
 
 +
        HostName> '''show inactivity-timeout'''
 +
 
 +
===To change the current idle===
 +
 
 +
For Gaia Portal session:
 +
 
 +
        HostName> '''set web session-timeout VALUE'''
 +
 
 +
For Clish session:
 +
 
 +
        HostName> '''set inactivity-timeout VALUE'''
 +
 
 +
Don't forget to save the config changes above
 +
 
 +
==older CP versions==
 +
 
 +
 
 +
versions: Tested for SPLAT R75.30  & Gaia R75 & R77.10
 +
 
 +
the shell timeout for ssh session is controlled by an environment variable called TMOUT.  it is a ridiculously annoyingly low 180 seconds / 3 minutes by default for many check point platforms.   
 +
 
 +
 
 +
=== check current timeout value ===
  
 
  [Expert@myfirewall:0]# '''echo $TMOUT'''
 
  [Expert@myfirewall:0]# '''echo $TMOUT'''
Line 5: Line 42:
  
 
to change it, use cpshell with account that has root privelege access on SPLAT or Gaia, and set the ilde time...
 
to change it, use cpshell with account that has root privelege access on SPLAT or Gaia, and set the ilde time...
 +
 +
 +
=== changing timeout value ===
 +
  
 
[Expert@myfirewall]# '''cpshell'''
 
[Expert@myfirewall]# '''cpshell'''
Line 16: Line 57:
 
'''
 
'''
  
*** note, an "Expert" prompt doesn't mean your account has root priveleges.
+
--- note, an "Expert" prompt doesn't mean your account has root priveleges.
 +
 
 +
when running the idle command from cpshell for the first time, it creates the following file:
 +
/etc/cpshell/cpshell.state
 +
 
 +
this file containes the idle setting
 +
[Expert@myfirewall]# '''cat /etc/cpshell/cpshell.state | grep idle'''
 +
idle=15
 +
 
 +
This file gets parsed by /etc/bashrc when setting up a shell for a newly connected user
 +
 
 +
=== shell startup code ===
 +
 
  
The value is set by /etc/bashrc
+
The TMOUT value is set by /etc/bashrc.  You can alter the global bashrc or configure local ones for user accounts.  Rather than change the global bashrc, the examples above utilize cpshell to set it.  If you want to change the global bashrc file, below are the snippets of code that control it from a couple of different releases.
  
 
example /etc/bashrc from Check Point Gaia R77.10
 
example /etc/bashrc from Check Point Gaia R77.10

Latest revision as of 16:53, 28 September 2015

Gaia and SPLAT shell/ssh timout values


Contents

newer Gaia versions

In Clish:

view the current idle timeout

For Gaia Web Portal session:

       HostName> show web session-timeout

For Clish session:

       HostName> show inactivity-timeout

To change the current idle

For Gaia Portal session:

       HostName> set web session-timeout VALUE

For Clish session:

       HostName> set inactivity-timeout VALUE

Don't forget to save the config changes above

older CP versions

versions: Tested for SPLAT R75.30 & Gaia R75 & R77.10

the shell timeout for ssh session is controlled by an environment variable called TMOUT. it is a ridiculously annoyingly low 180 seconds / 3 minutes by default for many check point platforms.


check current timeout value

[Expert@myfirewall:0]# echo $TMOUT
600

to change it, use cpshell with account that has root privelege access on SPLAT or Gaia, and set the ilde time...


changing timeout value

[Expert@myfirewall]# cpshell

set idle time in minutes

[myfirewall]# idle 15

if you want it to take effect in your current shell... exit cpshell, from the expert prompt...

[Expert@myfirewall]# source /etc/bashrc

--- note, an "Expert" prompt doesn't mean your account has root priveleges.

when running the idle command from cpshell for the first time, it creates the following file:

/etc/cpshell/cpshell.state

this file containes the idle setting

[Expert@myfirewall]# cat /etc/cpshell/cpshell.state | grep idle
idle=15

This file gets parsed by /etc/bashrc when setting up a shell for a newly connected user

shell startup code

The TMOUT value is set by /etc/bashrc. You can alter the global bashrc or configure local ones for user accounts. Rather than change the global bashrc, the examples above utilize cpshell to set it. If you want to change the global bashrc file, below are the snippets of code that control it from a couple of different releases.

example /etc/bashrc from Check Point Gaia R77.10

# SPLAT specific setup
IDLE="`sed -n 's/idle=//p' /etc/cpshell/cpshell.state 2>/dev/null`"
[ -z "$IDLE" ] && IDLE=3
export TMOUT=`expr $IDLE \* 60`



example /etc/bashrc from Check Point SecurePlatform R75.30

# By default, log out the user after three minutes of unattended prompt
export TMOUT=180
export SHELL=/bin/bash

# Take into account idle setting of cpshell, if available if [ -f /etc/cpshell/cpshell.state ]; then idle=`grep idle /etc/cpshell/cpshell.state | sed s/idle=//` if [ $idle"UNDEFINED" = "UNDEFINED" ]; then idle=3 fi export TMOUT=`expr $idle \* 60` fi