the-bastion/bin/cron/osh-lingering-sessions-reaper.sh

#! /usr/bin/env bash
# vim: set filetype=sh ts=4 sw=4 sts=4 et:
set -e

basedir=$(readlink -f "$(dirname "$0")"/../..)
# shellcheck source=lib/shell/functions.inc
. "$basedir"/lib/shell/functions.inc

# default config values for this script
MAX_AGE=86400

# set error trap, read config, setup logging, exit early if script is disabled, etc.
script_init osh-lingering-sessions-reaper config_optional check_secure_lax

_log "Terminating lingering sessions..."

tokill=''
nb=0
# shellcheck disable=SC2162
while read etimes pid tty
do
    if [ "$tty" = "?" ] && [ "$etimes" -gt "$MAX_AGE" ]; then
        tokill="$tokill $pid"
        (( ++nb ))
    fi
done < <(ps -C ttyrec -o etimes,pid,tty --no-header)
if [ -n "$tokill" ]; then
    # add || true to avoid script termination due to TOCTTOU and set -e
    # shellcheck disable=SC2086
    kill $tokill || true
    _log "Terminated $nb orphan ttyrec sessions (pids$tokill)"
fi

tokill=''
nb=0
# shellcheck disable=SC2162
while read etimes pid tty user
do
    if [ "$tty" = "?" ] && [ "$user" != "root" ] && [ "$etimes" -gt "$MAX_AGE" ]; then
        if [ "$(ps --no-header --ppid "$pid" | wc -l)" = 0 ]; then
            tokill="$tokill $pid"
            (( ++nb ))
        fi
    fi
done < <(ps -C sshd --no-header -o etimes,pid,tty,user)
if [ -n "$tokill" ]; then
    # add || true to avoid script termination due to TOCTTOU and set -e
    # shellcheck disable=SC2086
    kill $tokill || true
    _log "Terminated $nb orphan sshd sessions (pids$tokill)"
fi

exit_success
Initial commit 2020-10-16 00:32:37 +08:00			`#! /usr/bin/env bash`
			`# vim: set filetype=sh ts=4 sw=4 sts=4 et:`
			`set -e`

			`basedir=$(readlink -f "$(dirname "$0")"/../..)`
			`# shellcheck source=lib/shell/functions.inc`
			`. "$basedir"/lib/shell/functions.inc`

enh: cron scripts: factorize common code and standardize logging 2022-01-20 23:51:45 +08:00			`# default config values for this script`
enh: osh-lingering-sessions-reaper: make it configurable 2022-01-21 23:58:14 +08:00			`MAX_AGE=86400`
Initial commit 2020-10-16 00:32:37 +08:00
enh: cron scripts: factorize common code and standardize logging 2022-01-20 23:51:45 +08:00			`# set error trap, read config, setup logging, exit early if script is disabled, etc.`
			`script_init osh-lingering-sessions-reaper config_optional check_secure_lax`
enh: satellite scripts: better error handling 2020-12-31 20:13:20 +08:00
Initial commit 2020-10-16 00:32:37 +08:00			`_log "Terminating lingering sessions..."`

			`tokill=''`
			`nb=0`
			`# shellcheck disable=SC2162`
			`while read etimes pid tty`
			`do`
enh: osh-lingering-sessions-reaper: make it configurable 2022-01-21 23:58:14 +08:00			`if [ "$tty" = "?" ] && [ "$etimes" -gt "$MAX_AGE" ]; then`
Initial commit 2020-10-16 00:32:37 +08:00			`tokill="$tokill $pid"`
fix: scripts: (( )) returns 1 if evaluated to zero 2021-01-15 23:06:46 +08:00			`(( ++nb ))`
Initial commit 2020-10-16 00:32:37 +08:00			`fi`
			`done < <(ps -C ttyrec -o etimes,pid,tty --no-header)`
			`if [ -n "$tokill" ]; then`
fix: osh-lingering-sessions-reaper.sh: tocttou on kill could terminate the script early 2021-01-14 17:35:48 +08:00			`# add \|\| true to avoid script termination due to TOCTTOU and set -e`
Initial commit 2020-10-16 00:32:37 +08:00			`# shellcheck disable=SC2086`
fix: osh-lingering-sessions-reaper.sh: tocttou on kill could terminate the script early 2021-01-14 17:35:48 +08:00			`kill $tokill \|\| true`
Initial commit 2020-10-16 00:32:37 +08:00			`_log "Terminated $nb orphan ttyrec sessions (pids$tokill)"`
			`fi`

			`tokill=''`
			`nb=0`
			`# shellcheck disable=SC2162`
			`while read etimes pid tty user`
			`do`
enh: osh-lingering-sessions-reaper: make it configurable 2022-01-21 23:58:14 +08:00			`if [ "$tty" = "?" ] && [ "$user" != "root" ] && [ "$etimes" -gt "$MAX_AGE" ]; then`
Initial commit 2020-10-16 00:32:37 +08:00			`if [ "$(ps --no-header --ppid "$pid" \| wc -l)" = 0 ]; then`
			`tokill="$tokill $pid"`
fix: scripts: (( )) returns 1 if evaluated to zero 2021-01-15 23:06:46 +08:00			`(( ++nb ))`
Initial commit 2020-10-16 00:32:37 +08:00			`fi`
			`fi`
			`done < <(ps -C sshd --no-header -o etimes,pid,tty,user)`
			`if [ -n "$tokill" ]; then`
fix: osh-lingering-sessions-reaper.sh: tocttou on kill could terminate the script early 2021-01-14 17:35:48 +08:00			`# add \|\| true to avoid script termination due to TOCTTOU and set -e`
Initial commit 2020-10-16 00:32:37 +08:00			`# shellcheck disable=SC2086`
fix: osh-lingering-sessions-reaper.sh: tocttou on kill could terminate the script early 2021-01-14 17:35:48 +08:00			`kill $tokill \|\| true`
Initial commit 2020-10-16 00:32:37 +08:00			`_log "Terminated $nb orphan sshd sessions (pids$tokill)"`
			`fi`

enh: cron scripts: factorize common code and standardize logging 2022-01-20 23:51:45 +08:00			`exit_success`