From 6d6974e8888fb0718c4c7c54c0ce7c06a4b4c4bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Renaud=20M=C3=A9trich?= Date: Mon, 20 Nov 2023 10:52:54 +0100 Subject: [PATCH 1/3] xccdf_org.ssgproject.content_rule_accounts_tmout: replace 'declare' by 'typeset' On bash and zsh, these are synonyms, but 'declare' is not known to ksh, causing an error message when having /etc/profile.d/tmout.sh loaded: -------- 8< ---------------- 8< ---------------- 8< -------- /etc/profile[68]: .: line 731: declare: not found -------- 8< ---------------- 8< ---------------- 8< -------- 'typeset' works on every known sh shell, including ksh. --- .../accounts-session/accounts_tmout/ansible/shared.yml | 6 +++--- .../accounts-session/accounts_tmout/bash/shared.sh | 6 ++---- .../accounts-session/accounts_tmout/oval/shared.xml | 2 +- .../accounts_tmout/policy/stig/shared.yml | 2 +- .../accounts/accounts-session/accounts_tmout/rule.yml | 2 +- .../tests/conflicting_values_diff_file.fail.sh | 4 ++-- .../tests/conflicting_values_same_file.fail.sh | 4 ++-- .../accounts_tmout/tests/correct_value_bashrc.pass.sh | 2 +- .../accounts_tmout/tests/correct_value_profile.pass.sh | 4 ++-- .../accounts_tmout/tests/correct_value_profile_d.pass.sh | 4 ++-- .../tests/duplicate_correct_value_diff_files.pass.sh | 4 ++-- .../tests/duplicate_correct_value_profile.pass.sh | 8 ++++---- .../tests/duplicate_correct_value_profile_d.pass.sh | 8 ++++---- .../accounts_tmout/tests/supercompliance_profile.pass.sh | 4 ++-- .../tests/supercompliance_profile_d.pass.sh | 4 ++-- .../accounts_tmout/tests/wrong_value_bashrc.fail.sh | 2 +- 16 files changed, 32 insertions(+), 34 deletions(-) diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml index 850514d0aff..7fedef9c821 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml 
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml @@ -16,7 +16,7 @@ replace: path: /etc/bashrc regexp: '^[^#].*TMOUT=.*' - replace: declare -xr TMOUT={{ var_accounts_tmout }} + replace: typeset -xr TMOUT={{ var_accounts_tmout }} register: bashrc_replaced {{% endif %}} @@ -24,8 +24,8 @@ replace: path: /etc/profile regexp: '^[^#].*TMOUT=.*' - replace: declare -xr TMOUT={{ var_accounts_tmout }} + replace: typeset -xr TMOUT={{ var_accounts_tmout }} register: profile_replaced -{{{ ansible_lineinfile("", "/etc/profile.d/tmout.sh", regex='TMOUT=', new_line='declare -xr TMOUT={{ var_accounts_tmout }}', +{{{ ansible_lineinfile("", "/etc/profile.d/tmout.sh", regex='TMOUT=', new_line='typeset -xr TMOUT={{ var_accounts_tmout }}', create='yes', state='present', when="profile_replaced is defined and not profile_replaced.changed" + " and bashrc_replaced is defined and not bashrc_replaced.changed" if product in ["ol7", "rhel7"]) }}} diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh index 3dffe98fa54..f9a441f1326 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh 
@@ -16,14 +16,12 @@ for f in /etc/profile /etc/profile.d/*.sh /etc/bashrc; do for f in /etc/profile /etc/profile.d/*.sh; do {{% endif %}} if grep --silent '^[^#].*TMOUT' $f; then - sed -i -E "s/^(.*)TMOUT\s*=\s*(\w|\$)*(.*)$/declare -xr TMOUT=$var_accounts_tmout\3/g" $f + sed -i -E "s/^(.*)TMOUT\s*=\s*(\w|\$)*(.*)$/typeset -xr TMOUT=$var_accounts_tmout\3/g" $f tmout_found=1 fi done if [ $tmout_found -eq 0 ]; then echo -e "\n# Set TMOUT to $var_accounts_tmout per security requirements" >> /etc/profile.d/tmout.sh - echo "declare -xr TMOUT=$var_accounts_tmout" >> /etc/profile.d/tmout.sh - echo "readonly TMOUT" >> /etc/profile.d/tmout.sh - echo "export TMOUT" >> /etc/profile.d/tmout.sh + echo "typeset -xr TMOUT=$var_accounts_tmout" >> /etc/profile.d/tmout.sh fi diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml index 7d4baa94d44..5987ed275c4 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml @@ -40,7 +40,7 @@ {{% if product in ['sle12', 'sle15'] or "ubuntu" in product %}} ^[\s]*TMOUT=([\w$]+)[\s]*readonly TMOUT[\s]*export TMOUT$ {{% else %}} - ^[\s]*declare[\s]+-xr[\s]+TMOUT=([\w$]+).*$ + ^[\s]*typeset[\s]+-xr[\s]+TMOUT=([\w$]+).*$ {{% endif %}} 1 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/policy/stig/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/policy/stig/shared.yml index e397712bd8b..16da1005331 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/policy/stig/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/policy/stig/shared.yml 
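Review bot: The new sed line only rewrites lines where `TMOUT` is followed by `=`, but the enclosing `if grep --silent '^[^#].*TMOUT' $f; then` marks the file as handled for any non-comment line that mentions TMOUT — for example a bare `readonly TMOUT` or `export TMOUT` left behind by the three-line layout this same hunk stops emitting — so `tmout_found=1` can be set without any `typeset -xr TMOUT=` line being written and the fallback append to /etc/profile.d/tmout.sh is skipped, which can leave the timeout unset on that host. Tightening the guard to the shape the sed actually matches, `if grep --silent '^[^#].*TMOUT\s*=' $f; then`, keeps the two in step; `$f` should also be quoted. Dropping the separate `readonly TMOUT` / `export TMOUT` echoes in the append path is fine since `-xr` carries both attributes, and keeping the readonly attribute matters because a writable TMOUT could be reset from a user's own startup files. The product branch of the for loop and its `{{% if %}}` begin before this hunk.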
@@ -12,7 +12,7 @@ checktext: |- $ sudo grep -i tmout /etc/profile /etc/profile.d/*.sh - etc/profile.d/tmout.sh:declare -xr TMOUT=900 + etc/profile.d/tmout.sh:typeset -xr TMOUT=900 If "TMOUT" is not set to "900" or less in a script located in the /etc/profile.d/ directory to enforce session termination after inactivity, this is a finding. diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml index f8b4c743a48..3be73740b76 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml @@ -24,7 +24,7 @@ description: |- setting in a file loaded by /etc/profile {{{- "or /etc/bashrc" if product in ["ol7", "rhel7"] }}}, e.g. /etc/profile.d/tmout.sh should read as follows: -
declare -xr TMOUT={{{ xccdf_value("var_accounts_tmout") }}}
+
typeset -xr TMOUT={{{ xccdf_value("var_accounts_tmout") }}}
{{% endif %}} rationale: |- diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/conflicting_values_diff_file.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/conflicting_values_diff_file.fail.sh index cfd27c98393..2efa98a7e82 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/conflicting_values_diff_file.fail.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/conflicting_values_diff_file.fail.sh @@ -4,5 +4,5 @@ sed -i "/.*TMOUT.*/d" /etc/profile /etc/profile.d/*.sh /etc/bashrc -echo "declare -xr TMOUT=700" >> /etc/profile -echo "declare -xr TMOUT=800" >> /etc/profile.d/tmout.sh +echo "typeset -xr TMOUT=700" >> /etc/profile +echo "typeset -xr TMOUT=800" >> /etc/profile.d/tmout.sh diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/conflicting_values_same_file.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/conflicting_values_same_file.fail.sh index 6a4ddb01a62..c5402f2e02d 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/conflicting_values_same_file.fail.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/conflicting_values_same_file.fail.sh @@ -4,5 +4,5 @@ sed -i "/.*TMOUT.*/d" /etc/profile /etc/profile.d/*.sh /etc/bashrc -echo "declare -xr TMOUT=700" >> /etc/profile -echo "declare -xr TMOUT=800" >> /etc/profile +echo "typeset -xr TMOUT=700" >> /etc/profile +echo "typeset -xr TMOUT=800" >> /etc/profile diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_bashrc.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_bashrc.pass.sh index de746c94bbb..750478d6568 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_bashrc.pass.sh 
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_bashrc.pass.sh @@ -5,4 +5,4 @@ sed -i "/.*TMOUT.*/d" /etc/profile /etc/profile.d/*.sh /etc/bashrc -echo "declare -xr TMOUT=700" >> /etc/bashrc +echo "typeset -xr TMOUT=700" >> /etc/bashrc diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile.pass.sh index 2aa8b8fdf62..e60fd8ea4a4 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile.pass.sh @@ -5,7 +5,7 @@ sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh if grep -q "TMOUT" /etc/profile; then - sed -i "s/.*TMOUT.*/declare -xr TMOUT=700/" /etc/profile + sed -i "s/.*TMOUT.*/typeset -xr TMOUT=700/" /etc/profile else - echo "declare -xr TMOUT=700" >> /etc/profile + echo "typeset -xr TMOUT=700" >> /etc/profile fi diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_d.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_d.pass.sh index c11b7784fd6..028fa6390de 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_d.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_d.pass.sh @@ -9,7 +9,7 @@ sed -i "/.*TMOUT.*/d" /etc/profile test -f $TEST_FILE || touch $TEST_FILE if grep -q "TMOUT" $TEST_FILE; then - sed -i "s/.*TMOUT.*/declare -xr TMOUT=700/" $TEST_FILE + sed -i "s/.*TMOUT.*/typeset -xr TMOUT=700/" $TEST_FILE else - echo "declare -xr TMOUT=700" >> $TEST_FILE + echo "typeset -xr TMOUT=700" >> $TEST_FILE fi 
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_diff_files.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_diff_files.pass.sh index dd154e9c515..d62ca53a84a 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_diff_files.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_diff_files.pass.sh @@ -4,5 +4,5 @@ sed -i "/.*TMOUT.*/d" /etc/profile /etc/profile.d/*.sh -echo "declare -xr TMOUT=700" >> /etc/profile -echo "declare -xr TMOUT=700" >> /etc/profile.d/tmout.sh +echo "typeset -xr TMOUT=700" >> /etc/profile +echo "typeset -xr TMOUT=700" >> /etc/profile.d/tmout.sh diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_profile.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_profile.pass.sh index 83a6e010288..b3aaeae2dc4 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_profile.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_profile.pass.sh @@ -5,9 +5,9 @@ sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh if grep -q "TMOUT" /etc/profile; then - sed -i "s/.*TMOUT.*/declare -xr TMOUT=700/" /etc/profile - echo "declare -xr TMOUT=600" >> /etc/profile.d/tmout.sh + sed -i "s/.*TMOUT.*/typeset -xr TMOUT=700/" /etc/profile + echo "typeset -xr TMOUT=600" >> /etc/profile.d/tmout.sh else - echo "declare -xr TMOUT=700" >> /etc/profile - echo "declare -xr TMOUT=600" >> /etc/profile.d/tmout.sh + echo "typeset -xr TMOUT=700" >> /etc/profile + echo "typeset -xr TMOUT=600" >> /etc/profile.d/tmout.sh fi 
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_profile_d.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_profile_d.pass.sh index 6ae95375ce5..6fd107868d9 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_profile_d.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/duplicate_correct_value_profile_d.pass.sh @@ -5,9 +5,9 @@ sed -i "/.*TMOUT.*/d" /etc/profile if grep -q "TMOUT" /etc/profile.d/tmout.sh; then - sed -i "s/.*TMOUT.*/declare -xr TMOUT=700/" /etc/profile.d/tmout.sh - echo "declare -xr TMOUT=600" >> /etc/profile.d/tmout.sh + sed -i "s/.*TMOUT.*/typeset -xr TMOUT=700/" /etc/profile.d/tmout.sh + echo "typeset -xr TMOUT=600" >> /etc/profile.d/tmout.sh else - echo "declare -xr TMOUT=700" >> /etc/profile.d/tmout.sh - echo "declare -xr TMOUT=600" >> /etc/profile.d/tmout.sh + echo "typeset -xr TMOUT=700" >> /etc/profile.d/tmout.sh + echo "typeset -xr TMOUT=600" >> /etc/profile.d/tmout.sh fi diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile.pass.sh index 9c43f89c9bf..d82183440b4 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile.pass.sh @@ -5,7 +5,7 @@ sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh if grep -q "TMOUT" /etc/profile; then - sed -i "s/.*TMOUT.*/declare -xr TMOUT=800/" /etc/profile + sed -i "s/.*TMOUT.*/typeset -xr TMOUT=800/" /etc/profile else - echo "declare -xr TMOUT=800" >> /etc/profile + echo "typeset -xr TMOUT=800" >> /etc/profile fi 
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile_d.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile_d.pass.sh index 26ef9dd164b..43b903fdc76 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile_d.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/supercompliance_profile_d.pass.sh @@ -9,7 +9,7 @@ sed -i "/.*TMOUT.*/d" /etc/profile test -f $TEST_FILE || touch $TEST_FILE if grep -q "TMOUT" $TEST_FILE; then - sed -i "s/.*TMOUT.*/declare -xr TMOUT=800/" $TEST_FILE + sed -i "s/.*TMOUT.*/typeset -xr TMOUT=800/" $TEST_FILE else - echo "declare -xr TMOUT=800" >> $TEST_FILE + echo "typeset -xr TMOUT=800" >> $TEST_FILE fi diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_bashrc.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_bashrc.fail.sh index af2048c4ca7..963449b74bc 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_bashrc.fail.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/wrong_value_bashrc.fail.sh @@ -5,4 +5,4 @@ sed -i "/.*TMOUT.*/d" /etc/profile /etc/profile.d/*.sh /etc/bashrc -echo "declare -xr TMOUT=800" >> /etc/bashrc +echo "typeset -xr TMOUT=800" >> /etc/bashrc From 101124c898d9a0cd83180212d34eff60fe9b3dac Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Thu, 11 Jan 2024 11:34:10 +0100 Subject: [PATCH 2/3] Allow using declare keyword To keep backwards compatibility we will allow also the `declare` keyword alongside to the `typeset` keyword by the OVAL checks. The remediations will still insert `typeset`. This commit also adds a small test scenario to account for this situation. --- .../accounts-session/accounts_tmout/oval/shared.xml | 2 +- .../accounts/accounts-session/accounts_tmout/rule.yml | 2 ++ .../tests/correct_value_profile_declare.pass.sh | 11 +++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_declare.pass.sh diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml index 5987ed275c4..6499ba9f171 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/oval/shared.xml @@ -40,7 +40,7 @@ {{% if product in ['sle12', 'sle15'] or "ubuntu" in product %}} ^[\s]*TMOUT=([\w$]+)[\s]*readonly TMOUT[\s]*export TMOUT$ {{% else %}} - ^[\s]*typeset[\s]+-xr[\s]+TMOUT=([\w$]+).*$ + ^[\s]*(?:typeset|declare)[\s]+-xr[\s]+TMOUT=([\w$]+).*$ {{% endif %}} 1 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml index 3be73740b76..42289ea9ccc 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml @@ -25,6 +25,8 @@ description: |- {{{- "or /etc/bashrc" if product in ["ol7", "rhel7"] }}}, e.g. /etc/profile.d/tmout.sh should read as follows:
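Review bot: The widened pattern `^[\s]*(?:typeset|declare)[\s]+-xr[\s]+TMOUT=([\w$]+).*$` still accepts the attributes only in the order `-xr`; the equivalent `-rx` is just as readonly and exported but would be reported as a finding, so `[\s]+-(?:xr|rx)[\s]+` in the same non-capturing style would remove that false negative without loosening the check. Keep the readonly flag mandatory either way: a plain `TMOUT=` assignment can be undone from a user's own shell startup files, so the check would no longer prove the timeout is enforced. The sle/ubuntu branch on the preceding line is unchanged and still requires the three-statement form, so on those products a `declare`/`typeset` line remains non-compliant — worth stating explicitly if that is intended. The enclosing OVAL state element starts outside the hunk.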
typeset -xr TMOUT={{{ xccdf_value("var_accounts_tmout") }}}
+ or +
declare -xr TMOUT={{{ xccdf_value("var_accounts_tmout") }}}
{{% endif %}} rationale: |- diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_declare.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_declare.pass.sh new file mode 100644 index 00000000000..2aa8b8fdf62 --- /dev/null +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/tests/correct_value_profile_declare.pass.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# variables = var_accounts_tmout=700 + +sed -i "/.*TMOUT.*/d" /etc/profile.d/*.sh + +if grep -q "TMOUT" /etc/profile; then + sed -i "s/.*TMOUT.*/declare -xr TMOUT=700/" /etc/profile +else + echo "declare -xr TMOUT=700" >> /etc/profile +fi From 9d6a7426db239e634af77077f79a75cfb93b52ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Thu, 11 Jan 2024 13:10:58 +0100 Subject: [PATCH 3/3] Add a note to the description --- .../system/accounts/accounts-session/accounts_tmout/rule.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml index 42289ea9ccc..bd152ca6245 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml @@ -27,6 +27,7 @@ description: |-
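Review bot: The new scenario correct_value_profile_declare.pass.sh exercises the `declare` form only as a single line in /etc/profile, but the backwards-compatible case most likely to exist on already-remediated systems is what the previous bash remediation wrote to /etc/profile.d/tmout.sh (see the lines removed in PATCH 1/3): `declare -xr TMOUT=...` followed by separate `readonly TMOUT` and `export TMOUT` lines. No scenario covers that three-line layout, so a regression in how the OVAL pattern or the bash grep/sed pass handles those extra non-comment TMOUT lines would go unnoticed; a sibling scenario that clears existing TMOUT lines and appends those three lines to /etc/profile.d/tmout.sh would close the gap. The index line `00000000000..2aa8b8fdf62` shows the new file is a byte-for-byte copy of the pre-PATCH-1 correct_value_profile.pass.sh, which is fine but deserves a short header comment such as `# Legacy 'declare' spelling must still pass the check (kept for backwards compatibility)`.
```shell
#!/bin/bash

# variables = var_accounts_tmout=700

sed -i "/.*TMOUT.*/d" /etc/profile /etc/profile.d/*.sh

# Three-line layout written by the previous remediation; must still pass.
echo "declare -xr TMOUT=700" >> /etc/profile.d/tmout.sh
echo "readonly TMOUT" >> /etc/profile.d/tmout.sh
echo "export TMOUT" >> /etc/profile.d/tmout.sh
```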
typeset -xr TMOUT={{{ xccdf_value("var_accounts_tmout") }}}
or
declare -xr TMOUT={{{ xccdf_value("var_accounts_tmout") }}}
+ Using the typeset keyword is preferred for wider compatibility with ksh and other shells. {{% endif %}} rationale: |-