-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adjust bash to correspond to rule.yml for correct value of TimedLoginEnable #9098
Conversation
…f TimedLoginEnable
Hi @lenox-joseph. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Found this because Tenable's SecurityCenter's STIG feed for RHEL7 doesn't do case-insensitive checks. |
This datastream diff is auto generated by the check Click here to see the full diffbash remediation for rule 'xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login' differs:
--- old datastream
+++ new datastream
@@ -6,9 +6,9 @@
if ! grep -q "^TimedLoginEnable=" /etc/gdm/custom.conf
then
sed -i "/^\[daemon\]/a \
- TimedLoginEnable=False" /etc/gdm/custom.conf
+ TimedLoginEnable=false" /etc/gdm/custom.conf
else
- sed -i "s/^TimedLoginEnable=.*/TimedLoginEnable=False/g" /etc/gdm/custom.conf
+ sed -i "s/^TimedLoginEnable=.*/TimedLoginEnable=false/g" /etc/gdm/custom.conf
fi
fi
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR! I will not add the okay-to-test for OpenShift CI since this is a GDM fix. Once CI passes, I will merge this. Some of the Packet as Service failures are due to issues with the Fedora mirrors, so don't worry about them now.
Code Climate has analyzed commit 3959fc9 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 42.7% (0.0% change). View more on Code Climate. |
Waving tests for CS9 as it seems they having some infra issues at the moment. |
Description:
Updates 'Disable GDM Guest Login' rule to match its OCIL checklist item.
Rationale:
According to STIG guideline for RHEL7 and the rule.yml for this check,
TimedLoginEnable=false
is the correct value and other check tools such as Teneble's SecurityCenter feed don't assume a case-insensitive check, and manual checks against the OCIL should match the automated remediation and/or description.Additionally, the GDM configuration file documentation indicates that the correct configuration value is
false