Taming Runaway tmux Sessions and Keeping Your Scans Smooth

This post tackles a common issue encountered during vulnerability scans with Tenable.sc (formerly Security Center). It addresses the problem of lingering tmux sessions that can hinder login attempts and system responsiveness.

The Problem

Recently, a critical plugin (21745) triggered on a Red Hat Enterprise Linux 8 (RHEL 8) system during a Tenable.sc scan. The scan user account wasn't locked out, but SSH login attempts hung indefinitely despite system logs showing a successful login. A reboot temporarily resolved the issue, but it kept reoccurring.

The Culprit: Unclosed tmux Sessions

Tenable.sc leverages tmux, a terminal multiplexer, to manage multiple connections during a scan. When a connection is established, tmux typically creates a session. The problem arose when these tmux sessions weren't being automatically closed after the scan completed. This led to a situation where the scan user ended up with thousands of orphaned sessions, causing login issues.

Fixing the Runaway Sessions

1. Automatic Cleanup

• Edit the system-wide tmux configuration file ( /etc/tmux.conf ).
• Add the line set -g destroy-unattached on to the configuration file. This instructs tmux to automatically terminate any sessions that are not actively in use.
• To implement this change:

scanuser@remotesystem> sudo echo "set -g destroy-unattached on" >> /etc/tmux.conf

2. User-Specific Control (Optional)

• This approach allows tmux usage only for the designated scan user ( scanuser ). 
• Create a custom shell script ( /etc/profile.d/custom.sh ) with the following content:

[ "$USER" != "scanuser" ]
 then if [ "$PS1" ]
   then parent=$(ps -o ppid= -p $$)
        name=$(ps -o comm= -p $parent) 
        case "$name" in (sshd|login) exec tmux
        esac 
 fi 
fi 

This script checks the current user and only allows tmux execution if the user is "scanuser" and the parent process is either "sshd" (SSH daemon) or "login" (login shell).

Understanding the Tools

tmux: An open-source terminal multiplexer that allows managing multiple terminal sessions within a single window. You can split your terminal into different panes, detach from sessions, and reattach later, similar to the "screen" application.

Tenable Plugin 21745: This is an informational plugin that gathers and displays information from other plugins, triggered in this instance due to potential login failures.

Additional Resources

• Tmux Cheat Sheet & Quick Reference: https://tmuxcheatsheet.com/
• A beginner's guide to tmux: https://www.redhat.com/en/blog/introduction-tmux-linux

By implementing these solutions, you can ensure that your Tenable.sc scans run smoothly without encountering issues caused by lingering tmux sessions.

Free Google Training & Certification Exam

Google is offering free training for US or Canadian military veterans or service members looking to transition into a tech career. This program is designed to help you leverage your military experience and skillset to succeed in the tech industry. 

Key Program Benefits:

• Free Training: Attend a two-day virtual training event to learn the fundamentals of cloud computing and Google Cloud Platform.
• Certification Vouchers: Receive a voucher to take the Cloud Digital Leader certification exam, valued at $99.
• Expert Guidance: Learn from Google Cloud experts and veteran Google employees.
• Networking Opportunities: Connect with other veterans and industry professionals.

Agenda

Attend the Cloud Digital Leader Training Even
Dates: November 7-8, 2024
Time: 10 AM - 6 PM EST
Location: Virtual

Exam Prep Sessions
Dates: November 15 and/or November 22, 2024
Time: 1 PM - 2:30 PM EST
Location: Virtual

Go to the link below to register for the class

https://rsvp.withgoogle.com/events/google_cloud_launchpad_for_vets

Don't Miss Out!