Adjust bash to correspond to rule.yml for correct value of TimedLoginEnable

[lenox-joseph]

Description:

Updates 'Disable GDM Guest Login' rule to match its OCIL checklist item.

Rationale:

According to STIG guideline for RHEL7 and the rule.yml for this check, TimedLoginEnable=false is the correct value and other check tools such as Teneble's SecurityCenter feed don't assume a case-insensitive check, and manual checks against the OCIL should match the automated remediation and/or description.

Additionally, the GDM configuration file documentation indicates that the correct configuration value is false

[openshift-ci]

Hi @lenox-joseph. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[lenox-joseph]

Found this because Tenable's SecurityCenter's STIG feed for RHEL7 doesn't do case-insensitive checks.

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

bash remediation for rule 'xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login' differs:
--- old datastream
+++ new datastream
@@ -6,9 +6,9 @@
 if ! grep -q "^TimedLoginEnable=" /etc/gdm/custom.conf
 then
 sed -i "/^\[daemon\]/a \
- TimedLoginEnable=False" /etc/gdm/custom.conf
+ TimedLoginEnable=false" /etc/gdm/custom.conf
 else
- sed -i "s/^TimedLoginEnable=.*/TimedLoginEnable=False/g" /etc/gdm/custom.conf
+ sed -i "s/^TimedLoginEnable=.*/TimedLoginEnable=false/g" /etc/gdm/custom.conf
 fi
 fi

[Mab879]

Thanks for the PR! I will not add the okay-to-test for OpenShift CI since this is a GDM fix. Once CI passes, I will merge this. Some of the Packet as Service failures are due to issues with the Fedora mirrors, so don't worry about them now.

[codeclimate]

Code Climate has analyzed commit 3959fc9 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 42.7% (0.0% change).

View more on Code Climate.

[Mab879]

Waving tests for CS9 as it seems they having some infra issues at the moment.