content icon indicating copy to clipboard operation
content copied to clipboard
verified publisher icon ComplianceAsCode

add new rule logind_session_timeout

Open vojtapolasek opened this issue 3 years ago • 7 comments

Description:

  • add rule which configures Logind to terminate idle sessoins
  • add OVAL, Bash, Ansible and test scenarios
  • the rule uses XCCDF variable
  • one change needed to be done to a Bash ini_file macro

Rationale:

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2122322

vojtapolasek avatar Sep 05 '22 12:09 vojtapolasek

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment) Open in Gitpod

Fedora Testing Environment Open in Gitpod

Oracle Linux 8 Environment Open in Gitpod

github-actions[bot] avatar Sep 05 '22 12:09 github-actions[bot]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff 
bash remediation for rule 'xccdf_org.ssgproject.content_rule_gnome_gdm_disable_xdmcp' differs.
--- xccdf_org.ssgproject.content_rule_gnome_gdm_disable_xdmcp
+++ xccdf_org.ssgproject.content_rule_gnome_gdm_disable_xdmcp
@@ -5,12 +5,12 @@
 # to 'false', if it isn't here, add it, if '[xdmcp]' doesn't exist, add it there
 if grep -qzosP '[[:space:]]*\[xdmcp]([^\n\[]*\n+)+?[[:space:]]*Enable' '/etc/gdm/custom.conf'; then
 
- sed -i 's/Enable[^(\n)]*/Enable=false/' '/etc/gdm/custom.conf'
+ sed -i "s/Enable[^(\n)]*/Enable=false/" '/etc/gdm/custom.conf'
 elif grep -qs '[[:space:]]*\[xdmcp]' '/etc/gdm/custom.conf'; then
- sed -i '/[[:space:]]*\[xdmcp]/a Enable=false' '/etc/gdm/custom.conf'
+ sed -i "/[[:space:]]*\[xdmcp]/a Enable=false" '/etc/gdm/custom.conf'
 else
 if test -d "/etc/gdm"; then
- printf '%s\n' '[xdmcp]' 'Enable=false' >> '/etc/gdm/custom.conf'
+ printf '%s\n' '[xdmcp]' "Enable=false" >> '/etc/gdm/custom.conf'
 else
 echo "Config file directory '/etc/gdm' doesnt exist, not remediating, assuming non-applicability." >&2
 fi

github-actions[bot] avatar Sep 05 '22 12:09 github-actions[bot]

I believe you git tree is a bit messed up. Try rebasing it one more time.

ggbecker avatar Sep 05 '22 13:09 ggbecker

Thanks for noticing that, I rebased.

vojtapolasek avatar Sep 05 '22 13:09 vojtapolasek

Looks like something is off on the rebase fa7fcd02fcb8e07d1b8ba713f4c85c9f0b10b8e7 looks odd to me as you are commiting a change made by me.

Mab879 avatar Sep 09 '22 18:09 Mab879

@vojtapolasek can you try to take a look whether the rebase is correct or can you rebase again?

jan-cerny avatar Sep 30 '22 08:09 jan-cerny

@vojtapolasek bump

jan-cerny avatar Oct 24 '22 07:10 jan-cerny

@jan-cerny rebased

vojtapolasek avatar Oct 27 '22 11:10 vojtapolasek

@vojtapolasek: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-ocp4-high f1c08624d353ccccc7e7a89fca5d760901adabed link true /test e2e-aws-ocp4-high

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

openshift-ci[bot] avatar Oct 27 '22 12:10 openshift-ci[bot]

Code Climate has analyzed commit f1c08624 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 46.5% (0.0% change).

View more on Code Climate.

qlty-cloud-legacy[bot] avatar Oct 27 '22 12:10 qlty-cloud-legacy[bot]