Update tmux rules and add them to OL8 STIG profiles

[Xeicker]

Description:

• Update configure_tmux_lock_keybinding to allow any key, add to it the OL8 STIG id reference
• Add the OL8 stig id reference to configure_bashrc_tmux
• Add the 2 mentioned rules to OL8 STIG profiles

Rationale:

• This is to make OL8 STIG profile comply with DISA's STIG requirements

Review Hints:

• The only change in behavior is in configure_tmux_lock_keybinding. This was covered in tests

[openshift-ci]

Hi @Xeicker. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[freddieRv]

LGTM. Thanks for the update, @Xeicker

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

OCIL for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding' differs.
--- ocil:ssg-configure_tmux_lock_keybinding_ocil:questionnaire:1
+++ ocil:ssg-configure_tmux_lock_keybinding_ocil:questionnaire:1
@@ -1,11 +1,11 @@
 Verify Red Hat Enterprise Linux 8 enables the user to initiate a session lock trhough key bindings with the following commands:
 
-$ grep "bind X lock-session" /etc/tmux.conf
+$ grep "lock-session" /etc/tmux.conf
 
 bind X lock-session
 
 Then, verify that the /etc/tmux.conf file can be read by other users than root:
 
 $ sudo ls -al /etc/tmux.conf
- Is it the case that the "lock-session" is not bound to the X key?
+ Is it the case that the "lock-session" is not bound to a specific key?
 
bash remediation for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding' differs.
--- xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding
+++ xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding
@@ -3,9 +3,7 @@
 
 tmux_conf="/etc/tmux.conf"
 
-if grep -qP '^\s*bind\s+\w\s+lock-session' "$tmux_conf" ; then
- sed -i 's/\s*bind\s\+\w\s\+lock-session.*$/bind X lock-session/' "$tmux_conf"
-else
+if ! grep -qP '^\s*bind\s+\w\s+lock-session' "$tmux_conf" ; then
 echo "bind X lock-session" >> "$tmux_conf"
 fi
 chmod 0644 "$tmux_conf"

[codeclimate]

Code Climate has analyzed commit 9593cb2 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 49.5% (0.0% change).

View more on Code Climate.

[marcusburghardt]

LGTM. Thanks

[marcusburghardt]

FYI @Mab879 , @yuumasato , @ggbecker