New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add rules for SLES-12-010060 #6806
Add rules for SLES-12-010060 #6806
Conversation
- SLES-12-010060 'Enable GNOME3 Screensaver Lock After Idle Period'
Hi @brett060102. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Changes identified: Show detailsRule dconf_gnome_screensaver_lock_enabled: Recommended tests to execute: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work, please see comments. I looked into this STIG, is that the right source of information?
https://www.stigviewer.com/stig/sles_12/2020-12-04/finding/V-217107
# reboot = false | ||
# strategy = unknown | ||
# complexity = low | ||
# disruption = medium | ||
|
||
{{% if product in ["sle12", "sle15"] %}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why using Jinja macro here and when: clause in other cases specific for sle below?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
have changed to use when instead.
@@ -1,6 +1,6 @@ | |||
documentation_complete: true | |||
|
|||
prodtype: fedora,ol7,ol8,rhel7,rhel8 | |||
prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noticed that you add only sle12 here but ansible modifications and the if clause in ocil is mentioning also sle15. Is that intentional?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At this point we don't have a sle-15 stig for, this item, but in case one drops we did not want to mess with turning if = sle12 to if in [sle12,sle15], we had too many places where we needed to do that because we just didn't think far enough ahead when we did sle-12.
.../software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
Show resolved
Hide resolved
|
||
ocil_clause: 'screensaver locking is not enabled and/or has not been set or configured correctly' | ||
|
||
ocil: |- | ||
To check the status of the idle screen lock activation, run the following command: | ||
{{% if product in ['sle12','sle15'] %}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please add this product specific if clause also to the description? The description is shown in the HTML guide and report. The ocil is not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will do.
@vojtapolasek does this one look OK now? |
Thank you for changes, it looks good now. |
Thank you.
…________________________________
From: vojtapolasek ***@***.***>
Sent: Wednesday, April 14, 2021 2:04 AM
To: ComplianceAsCode/content ***@***.***>
Cc: Earl Sampson ***@***.***>; Mention ***@***.***>
Subject: Re: [ComplianceAsCode/content] Add rules for SLES-12-010060 (#6806)
Merged #6806<#6806> into master.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#6806 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AFR5DX36VTDZLE2YLK57Z4DTIU47LANCNFSM42RULVKA>.
|
Description:
Rationale:
enable GNOME3 Screensaver Lock for SLE-12
Fixes # Issue number here (e.g. Updating sysctl XCCDF naming #26) or remove this line if no issue exists.