Run tmux only right after sshd/login #4885
In this line, a regular expression like this could work. I haven't tested though.
if [ "$PS1" ]; then\n[\s]+parent=$(ps -o ppid= -p $$)\n[\s]+name=$(ps -o comm= -p $parent)\n[\s]+case\n"$name" in sshd|login) exec tmux ;; esac\nfi
The single line behavior[0] might affect matching of \n.
.../accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
I think we want single-line matching here. This IIUC takes the whole file content and matches against it. Multiline mode basically takes it line-by-line and applies the regex on each line. I'll update and test the OVAL on my end.
What kind of matching does OVAL do? ... It seems to be using Perl rules for single/multi line, so I rewrote the regexp to match Perl standards (and I tested it as working using perl), but Is this somehow related to
@comps Could you push the regex? So I can try to debug and check the objects collected and to what regex it is trying to match?
The test is capturing only the last line as the object of evaluation.
Changing pattern in line 26 to `^(.*)$` will capture the whole file as a single object.
And the operation in the state needs to be `pattern match`.
...ts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/oval/shared.xml
This prevents tmux-inside-tmux for common use cases like `su -'. Signed-off-by: Jiri Jaburek <jjaburek@redhat.com>
Thanks for the help. Everything should be in its final form, I tested the check for pass/fail and remediation - seems to be working.
@comps Thanks for the PR. One more thing, I forgot, was focused on OVAL.
I believe I did change ocil to match the new algorithm (please double check). I don't see anything from the actual
Cool, thanks again for the patch!
This prevents tmux-inside-tmux for common use cases like `su -`.

I'm not quite sure how the OVAL should look like or whether the `tail -5` is valid, hence I'm submitting this as a draft. Any opinions?

Thanks.
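
The matching question raised in this thread (one multi-line guard checked against the whole file versus one line at a time), shown with Python's `re` as an added example; it is not the PR's OVAL check. The guard text is reconstructed from the regex quoted in the review comment, and the function names and sample files are constructed for illustration.

```python
import re

# Guard lines as quoted in the review comment's regex (reconstructed here).
GUARD_LINES = [
    'if [ "$PS1" ]; then',
    'parent=$(ps -o ppid= -p $$)',
    'name=$(ps -o comm= -p $parent)',
    'case "$name" in sshd|login) exec tmux ;; esac',
    'fi',
]

def build_pattern(lines=GUARD_LINES):
    # Escape shell metacharacters; allow runs of blanks between words
    # and arbitrary indentation on each line.
    parts = [r"[ \t]+".join(re.escape(w) for w in ln.split(" ")) for ln in lines]
    body = r"[ \t]*\n[ \t]*".join(parts)
    # MULTILINE makes ^ and $ anchor at line boundaries inside the file,
    # so a commented-out copy ("# if ...") is rejected.
    return re.compile(r"^[ \t]*" + body + r"[ \t]*$", re.MULTILINE)

def has_guard_whole_file(text):
    # Whole file as one subject string: the pattern can span newlines.
    return build_pattern().search(text) is not None

def has_guard_per_line(text):
    # Same pattern applied to one line at a time: a five-line construct
    # can never match, whatever the file contains.
    pat = build_pattern()
    return any(pat.search(line) for line in text.splitlines())

# Constructed sample files (not taken from the PR).
GOOD_BASHRC = '''\
export EDITOR=vi
if [ "$PS1" ]; then
    parent=$(ps -o ppid= -p $$)
    name=$(ps -o comm= -p $parent)
    case "$name" in sshd|login) exec tmux ;; esac
fi
'''
COMMENTED_BASHRC = "".join("# " + ln + "\n" for ln in GOOD_BASHRC.splitlines())
UNGUARDED_BASHRC = 'export EDITOR=vi\n[ -n "$PS1" ] && exec tmux\n'

if __name__ == "__main__":
    for label, text in [("good", GOOD_BASHRC), ("commented", COMMENTED_BASHRC),
                        ("unguarded", UNGUARDED_BASHRC)]:
        print(label, has_guard_whole_file(text), has_guard_per_line(text))
```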