Jurjen Oskam wrote:
> On Thu, Oct 14, 2010 at 06:17:23PM -0400, Brad Tilley wrote:
>
>> I thought about doing that too. I need to test it more to see what
>> happens when ksh is the shell and the user executes csh manually. I
>> suppose ksh will still honor TMOUT in that case.
>
> TMOUT is at most a convenience, not a security measure:
>
> $ TMOUT=600
> $ readonly TMOUT
> $ exec perl -e 'delete $ENV{TMOUT} ; exec "/bin/ksh";'
> $ echo $TMOUT
> 0
> $
>
Understood. If an employee did that, there should be measures in place at
the policy level to deal with that behavior (if it is discovered). 70% of
the PCI DSS controls are policy and procedure, not technical.

Thanks to all for feedback, I appreciate it.

Brad
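
Since TMOUT lives in the user's own shell environment, discovery has to come from outside the session. The following is an added example, not code from anyone in this thread: it flags sessions by the idle time the system records for each terminal. It assumes the GNU coreutils `who -u` field layout; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag login sessions idle longer than a limit, using the
# terminal idle time the system records rather than the shell's TMOUT.

# idle_over_limit LIMIT_SECONDS   (hypothetical helper name)
# Reads `who -u` style lines on stdin. Assumed layout (GNU coreutils):
#   NAME LINE DATE TIME IDLE PID [COMMENT]
# Prints "user line idle" for each session idle at or above the limit.
idle_over_limit() {
    awk -v limit="$1" '
    {
        idle = $5
        if (idle == ".") next                  # active within the last minute
        if (idle == "old") {
            secs = 86400                       # idle for more than 24 hours
        } else if (idle ~ /^[0-9]+:[0-9]+$/) {
            split(idle, t, ":")                # HH:MM
            secs = t[1] * 3600 + t[2] * 60
        } else {
            next                               # unrecognised idle field
        }
        if (secs >= limit) print $1, $2, idle
    }'
}

# Constructed sample input (not captured from a real host).
sample_who_output() {
    cat <<'EOF'
alice    pts/0        2010-10-14 18:17   .          2101 (192.0.2.10)
bob      pts/1        2010-10-14 17:02 00:25        2188 (192.0.2.11)
carol    pts/2        2010-10-13 09:40  old         1977 (192.0.2.12)
dave     pts/3        2010-10-14 18:01 00:04        2240 (192.0.2.13)
EOF
}

# 600 seconds is the TMOUT value used in the quoted session.
sample_who_output | idle_over_limit 600
```

On a live host the input would be `who -u | idle_over_limit 600`, run from cron or a monitoring agent under an account the users cannot modify.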