Add rules for SLES-12-010060

[brett060102]

• SLES-12-010060 'Enable GNOME3 Screensaver Lock After Idle Period'

Description:

• Add rules for SLES-12-010060
• required slight changes to ansible/shared.yml to accommodate what is in SLES-12-010060 from DISA

Rationale:

• enable GNOME3 Screensaver Lock for SLE-12

• Fixes # Issue number here (e.g. Updating sysctl XCCDF naming #26) or remove this line if no issue exists.

[openshift-ci-robot]

Hi @brett060102. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openscap-ci]

Changes identified:
Rules:
 dconf_gnome_screensaver_lock_enabled
Profiles:
 stig on sle12

Show details

Rule dconf_gnome_screensaver_lock_enabled:
 Ansible remediation changed.
Profile stig on sle12:
 Rule dconf_gnome_screensaver_lock_enabled added to stig profile.

Recommended tests to execute:
 build_product sle12
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-sle12-ds.xml stig
 build_product rhel8
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml dconf_gnome_screensaver_lock_enabled

[vojtapolasek]

Nice work, please see comments. I looked into this STIG, is that the right source of information?
https://www.stigviewer.com/stig/sles_12/2020-12-04/finding/V-217107

[vojtapolasek]

Why using Jinja macro here and when: clause in other cases specific for sle below?

[brett060102]

have changed to use when instead.

[vojtapolasek]

Noticed that you add only sle12 here but ansible modifications and the if clause in ocil is mentioning also sle15. Is that intentional?

[brett060102]

At this point we don't have a sle-15 stig for, this item, but in case one drops we did not want to mess with turning if = sle12 to if in [sle12,sle15], we had too many places where we needed to do that because we just didn't think far enough ahead when we did sle-12.

[vojtapolasek]

Could you please add this product specific if clause also to the description? The description is shown in the HTML guide and report. The ocil is not.

[brett060102]

will do.

[brett060102]

@vojtapolasek does this one look OK now?

[vojtapolasek]

Thank you for changes, it looks good now.

[brett060102]

Thank you.

…

________________________________ From: vojtapolasek ***@***.***> Sent: Wednesday, April 14, 2021 2:04 AM To: ComplianceAsCode/content ***@***.***> Cc: Earl Sampson ***@***.***>; Mention ***@***.***> Subject: Re: [ComplianceAsCode/content] Add rules for SLES-12-010060 (#6806) Merged #6806<#6806> into master. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#6806 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AFR5DX36VTDZLE2YLK57Z4DTIU47LANCNFSM42RULVKA>.