Difference between revisions of "shell inactivity timout"
m (→view the current idle timeout) |
|||
(7 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
− | shell timeout for ssh session is controlled by an environment variable called TMOUT. it is a ridiculously annoyingly low 180 seconds / 3 minutes by default for many check point platforms. | + | Gaia and SPLAT shell/ssh timout values |
+ | |||
+ | |||
+ | ==newer Gaia versions== | ||
+ | |||
+ | In Clish: | ||
+ | |||
+ | ===view the current idle timeout=== | ||
+ | |||
+ | For Gaia Web Portal session: | ||
+ | |||
+ | HostName> '''show web session-timeout''' | ||
+ | |||
+ | For Clish session: | ||
+ | |||
+ | HostName> '''show inactivity-timeout''' | ||
+ | |||
+ | ===To change the current idle=== | ||
+ | |||
+ | For Gaia Portal session: | ||
+ | |||
+ | HostName> '''set web session-timeout VALUE''' | ||
+ | |||
+ | For Clish session: | ||
+ | |||
+ | HostName> '''set inactivity-timeout VALUE''' | ||
+ | |||
+ | Don't forget to save the config changes above | ||
+ | |||
+ | ==older CP versions== | ||
+ | |||
+ | |||
+ | versions: Tested for SPLAT R75.30 & Gaia R75 & R77.10 | ||
+ | |||
+ | the shell timeout for ssh session is controlled by an environment variable called TMOUT. it is a ridiculously annoyingly low 180 seconds / 3 minutes by default for many check point platforms. | ||
+ | |||
+ | |||
+ | === check current timeout value === | ||
[Expert@myfirewall:0]# '''echo $TMOUT''' | [Expert@myfirewall:0]# '''echo $TMOUT''' | ||
Line 5: | Line 42: | ||
to change it, use cpshell with account that has root privelege access on SPLAT or Gaia, and set the ilde time... | to change it, use cpshell with account that has root privelege access on SPLAT or Gaia, and set the ilde time... | ||
+ | |||
+ | |||
+ | === changing timeout value === | ||
+ | |||
[Expert@myfirewall]# '''cpshell''' | [Expert@myfirewall]# '''cpshell''' | ||
Line 16: | Line 57: | ||
''' | ''' | ||
− | + | --- note, an "Expert" prompt doesn't mean your account has root priveleges. | |
+ | |||
+ | when running the idle command from cpshell for the first time, it creates the following file: | ||
+ | /etc/cpshell/cpshell.state | ||
+ | |||
+ | this file containes the idle setting | ||
+ | [Expert@myfirewall]# '''cat /etc/cpshell/cpshell.state | grep idle''' | ||
+ | idle=15 | ||
+ | |||
+ | This file gets parsed by /etc/bashrc when setting up a shell for a newly connected user | ||
+ | |||
+ | === shell startup code === | ||
+ | |||
− | The value is set by /etc/bashrc | + | The TMOUT value is set by /etc/bashrc. You can alter the global bashrc or configure local ones for user accounts. Rather than change the global bashrc, the examples above utilize cpshell to set it. If you want to change the global bashrc file, below are the snippets of code that control it from a couple of different releases. |
example /etc/bashrc from Check Point Gaia R77.10 | example /etc/bashrc from Check Point Gaia R77.10 |
Latest revision as of 16:53, 28 September 2015
Gaia and SPLAT shell/ssh timout values
Contents |
newer Gaia versions
In Clish:
view the current idle timeout
For Gaia Web Portal session:
HostName> show web session-timeout
For Clish session:
HostName> show inactivity-timeout
To change the current idle
For Gaia Portal session:
HostName> set web session-timeout VALUE
For Clish session:
HostName> set inactivity-timeout VALUE
Don't forget to save the config changes above
older CP versions
versions: Tested for SPLAT R75.30 & Gaia R75 & R77.10
the shell timeout for ssh session is controlled by an environment variable called TMOUT. it is a ridiculously annoyingly low 180 seconds / 3 minutes by default for many check point platforms.
check current timeout value
[Expert@myfirewall:0]# echo $TMOUT 600
to change it, use cpshell with account that has root privelege access on SPLAT or Gaia, and set the ilde time...
changing timeout value
[Expert@myfirewall]# cpshell
set idle time in minutes
[myfirewall]# idle 15
if you want it to take effect in your current shell... exit cpshell, from the expert prompt...
[Expert@myfirewall]# source /etc/bashrc
--- note, an "Expert" prompt doesn't mean your account has root priveleges.
when running the idle command from cpshell for the first time, it creates the following file:
/etc/cpshell/cpshell.state
this file containes the idle setting
[Expert@myfirewall]# cat /etc/cpshell/cpshell.state | grep idle idle=15
This file gets parsed by /etc/bashrc when setting up a shell for a newly connected user
shell startup code
The TMOUT value is set by /etc/bashrc. You can alter the global bashrc or configure local ones for user accounts. Rather than change the global bashrc, the examples above utilize cpshell to set it. If you want to change the global bashrc file, below are the snippets of code that control it from a couple of different releases.
example /etc/bashrc from Check Point Gaia R77.10
# SPLAT specific setup IDLE="`sed -n 's/idle=//p' /etc/cpshell/cpshell.state 2>/dev/null`" [ -z "$IDLE" ] && IDLE=3 export TMOUT=`expr $IDLE \* 60`
example /etc/bashrc from Check Point SecurePlatform R75.30
# By default, log out the user after three minutes of unattended prompt export TMOUT=180 export SHELL=/bin/bash
# Take into account idle setting of cpshell, if available if [ -f /etc/cpshell/cpshell.state ]; then idle=`grep idle /etc/cpshell/cpshell.state | sed s/idle=//` if [ $idle"UNDEFINED" = "UNDEFINED" ]; then idle=3 fi export TMOUT=`expr $idle \* 60` fi