-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update tmux rules and add them to OL8 STIG profiles #10124
Update tmux rules and add them to OL8 STIG profiles #10124
Conversation
Hi @Xeicker. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks for the update, @Xeicker
This datastream diff is auto generated by the check Click here to see the full diffOCIL for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding' differs.
--- ocil:ssg-configure_tmux_lock_keybinding_ocil:questionnaire:1
+++ ocil:ssg-configure_tmux_lock_keybinding_ocil:questionnaire:1
@@ -1,11 +1,11 @@
Verify Red Hat Enterprise Linux 8 enables the user to initiate a session lock trhough key bindings with the following commands:
-$ grep "bind X lock-session" /etc/tmux.conf
+$ grep "lock-session" /etc/tmux.conf
bind X lock-session
Then, verify that the /etc/tmux.conf file can be read by other users than root:
$ sudo ls -al /etc/tmux.conf
- Is it the case that the "lock-session" is not bound to the X key?
+ Is it the case that the "lock-session" is not bound to a specific key?
bash remediation for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding' differs.
--- xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding
+++ xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding
@@ -3,9 +3,7 @@
tmux_conf="/etc/tmux.conf"
-if grep -qP '^\s*bind\s+\w\s+lock-session' "$tmux_conf" ; then
- sed -i 's/\s*bind\s\+\w\s\+lock-session.*$/bind X lock-session/' "$tmux_conf"
-else
+if ! grep -qP '^\s*bind\s+\w\s+lock-session' "$tmux_conf" ; then
echo "bind X lock-session" >> "$tmux_conf"
fi
chmod 0644 "$tmux_conf" |
Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com>
Allow any letter to bound instead of only X. Also add the rule to OL8 STIG Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com>
Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com>
706e44a
to
9593cb2
Compare
Code Climate has analyzed commit 9593cb2 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 49.5% (0.0% change). View more on Code Climate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks
FYI @Mab879 , @yuumasato , @ggbecker |
Description:
configure_tmux_lock_keybinding
to allow any key, add to it the OL8 STIG id referenceconfigure_bashrc_tmux
Rationale:
Review Hints:
configure_tmux_lock_keybinding
. This was covered in tests