From b4cd7bf537752dabd81bbbd1ba8b09a4502e5d6c Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Thu, 18 May 2023 14:27:41 +0200
Subject: [PATCH 1/2] add ansible remediation to rule configure_bashrc_exec_tmux

---
 .../ansible/shared.yml | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
new file mode 100644
index 00000000000..6237f1e6a91
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
@@ -0,0 +1,33 @@
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# reboot = false
+# strategy = configure
+# complexity = low
+# disruption = low
+
+- name: "{{{ rule_title }}}: Determine if the Tmux launch script is present in /etc/bashrc"
+ ansible.builtin.find:
+ paths: '/etc'
+ patterns: 'bashrc'
+ contains: '.*case "$name" in sshd|login) exec tmux ;; esac.*'
+ register: tmux_in_bashrc
+
+- name: "{{{ rule_title }}}: Determine if the Tmux launch script is present in /etc/profile.d/*.sh"
+ ansible.builtin.find:
+ paths: '/etc/profile.d'
+ patterns: '*.sh'
+ contains: .*case "$name" in sshd|login) exec tmux ;; esac.*
+ register: tmux_in_profile_d
+
+- name: "{{{ rule_title }}}: Insert the correct script into /etc/profile.d/tmux.sh"
+ ansible.builtin.blockinfile:
+ path: '/etc/profile.d/tmux.sh'
+ block: |
+ if [ "$PS1" ]; then
+ parent=$(ps -o ppid= -p $$)
+ name=$(ps -o comm= -p $parent)
+ case "$name" in sshd|login) exec tmux ;; esac
+ fi
+ create: true
+ when:
+ - tmux_in_bashrc is defined and tmux_in_bashrc.matched == 0
+ - tmux_in_profile_d is defined and tmux_in_profile_d.matched == 0

From ea4ed375792982da9c80e1acc2d889e6cddb9b3a Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Tue, 23 May 2023 10:33:53 +0200
Subject: [PATCH 2/2] change task names to title case

---
 .../configure_bashrc_exec_tmux/ansible/shared.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
index 6237f1e6a91..8a64b5ea8b2 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
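Review bot: The `contains:` values in both find tasks are, as far as I know, compiled as regular expressions, and the shell line is passed unescaped: `$` anchors at end of line, `|` splits the pattern into two alternatives and the lone `)` is an unbalanced group, so the check cannot match the intended line and may fail to compile at all. Escaping the metacharacters and quoting both values the same way would make the detection reliable, for example `contains: '.*case "\$name" in sshd\|login\) exec tmux ;; esac.*'`; the second task's value is currently an unquoted plain scalar. Separately, the blockinfile task creates `/etc/profile.d/tmux.sh` with `create: true` but no `owner`, `group` or `mode`, so the permissions of a file sourced by every login shell depend on the umask in effect; pinning them with `mode: '0644'` and root ownership would make the result deterministic.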
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
@@ -4,21 +4,21 @@
 # complexity = low
 # disruption = low
 
-- name: "{{{ rule_title }}}: Determine if the Tmux launch script is present in /etc/bashrc"
+- name: "{{{ rule_title }}}: Determine If the Tmux Launch Script Is Present in /etc/bashrc"
 ansible.builtin.find:
 paths: '/etc'
 patterns: 'bashrc'
 contains: '.*case "$name" in sshd|login) exec tmux ;; esac.*'
 register: tmux_in_bashrc
 
-- name: "{{{ rule_title }}}: Determine if the Tmux launch script is present in /etc/profile.d/*.sh"
+- name: "{{{ rule_title }}}: Determine If the Tmux Launch Script Is Present in /etc/profile.d/*.sh"
 ansible.builtin.find:
 paths: '/etc/profile.d'
 patterns: '*.sh'
 contains: .*case "$name" in sshd|login) exec tmux ;; esac.*
 register: tmux_in_profile_d
 
-- name: "{{{ rule_title }}}: Insert the correct script into /etc/profile.d/tmux.sh"
+- name: "{{{ rule_title }}}: Insert the Correct Script into /etc/profile.d/tmux.sh"
 ansible.builtin.blockinfile:
 path: '/etc/profile.d/tmux.sh'
 block: |