commit e5b8b968d882aa8fa1795dcabf185781f59b5671

Author: Watson Sato <wsato@redhat.com>

Date:   Mon Feb 28 12:01:18 2022 +0100

    Manual edited patch scap-security-guide-0.1.61-remove_tmux_process_running_check-PR_8246.patch.

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/oval/shared.xml

index 4cb2f9e..58f91ea 100644

--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/oval/shared.xml

+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/oval/shared.xml

@@ -4,7 +4,6 @@

     <criteria comment="Check exec tmux configured at the end of bashrc" operator="AND">

         test_ref="test_configure_bashrc_exec_tmux" />

-      <criterion comment="check tmux is running" test_ref="test_tmux_running"/>

     </criteria>

   </definition>

@@ -18,13 +17,4 @@

     <ind:pattern operation="pattern match">if \[ "\$PS1" \]; then\n\s+parent=\$\(ps -o ppid= -p \$\$\)\n\s+name=\$\(ps -o comm= -p \$parent\)\n\s+case "\$name" in sshd\|login\) exec tmux ;; esac\nfi</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>

-

-  <unix:process58_test check="all" id="test_tmux_running" comment="is tmux running" version="1">

-      <unix:object object_ref="obj_tmux_running"/>

-  </unix:process58_test>

-

-  <unix:process58_object id="obj_tmux_running" version="1">

-      <unix:command_line operation="pattern match">^tmux(?:|[\s]+.*)$</unix:command_line>

-      <unix:pid datatype="int" operation="greater than">0</unix:pid>

-  </unix:process58_object>

 </def-group>

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml

index 6be090b..0e4db6d 100644

--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml

+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml

@@ -8,19 +8,11 @@ description: |-

     The <tt>tmux</tt> terminal multiplexer is used to implement

     automatic session locking. It should be started from

     <tt>/etc/bashrc</tt> or drop-in files within <tt>/etc/profile.d/</tt>.

-    Additionally it must be ensured that the <tt>tmux</tt> process is running

-    and it can be verified with the following command:

-    
ps all | grep tmux | grep -v grep

 rationale: |-

     Unlike <tt>bash</tt> itself, the <tt>tmux</tt> terminal multiplexer

     provides a mechanism to lock sessions after period of inactivity.

-warnings:

-  - general: |-

-        The remediation does not start the tmux process, so it must be

-        manually started or have the system rebooted after applying the fix.

-

 severity: medium

 identifiers:

@@ -33,7 +25,7 @@ references:

     srg: SRG-OS-000031-GPOS-00012,SRG-OS-000028-GPOS-00009

     stigid@rhel8: RHEL-08-020041

-ocil_clause: 'exec tmux is not present at the end of bashrc or tmux process is not running'

+ocil_clause: 'exec tmux is not present at the end of bashrc'

 ocil: |-

     To verify that tmux is configured to execute,

@@ -45,9 +37,5 @@ ocil: |-

       name=$(ps -o comm= -p $parent)

       case "$name" in sshd|login) exec tmux ;; esac

     fi

-    To verify that the tmux process is running,

-    run the following command:

-    
ps all | grep tmux | grep -v grep

-    If the command does not produce output, this is a finding.

 platform: machine

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value.pass.sh

index 221c186..fbc7590 100644

--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value.pass.sh

+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value.pass.sh

@@ -9,4 +9,3 @@ if [ "$PS1" ]; then

 fi

 EOF

-tmux new-session -s root -d

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value_d_directory.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value_d_directory.pass.sh

index 1702bb1..6107f86 100644

--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value_d_directory.pass.sh

+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value_d_directory.pass.sh

@@ -10,4 +10,3 @@ if [ "$PS1" ]; then

 fi

 EOF

-tmux new-session -s root -d

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/tmux_not_running.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/tmux_not_running.fail.sh

deleted file mode 100644

index 6cb9d83..0000000

--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/tmux_not_running.fail.sh

+++ /dev/null

@@ -1,13 +0,0 @@

-#!/bin/bash

-# packages = tmux

-# remediation = none

-

-cat >> /etc/bashrc <<'EOF'

-if [ "$PS1" ]; then

-  parent=$(ps -o ppid= -p $$)

-  name=$(ps -o comm= -p $parent)

-  case "$name" in sshd|login) exec tmux ;; esac

-fi

-EOF

-

-killall tmux || true

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/wrong_value.fail.sh

index f13a8b0..9b46165 100644

--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/wrong_value.fail.sh

+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/wrong_value.fail.sh

@@ -101,5 +101,3 @@ if [ -z "$BASHRCSOURCED" ]; then

 fi

 # vim:ts=4:sw=4

 EOF

-

-tmux new-session -s root -d