Merge pull request #473 from ferricoxide/Issue_471

Add handler to set `StopIdleSessionSec` to STIG-Mandated Value

ash-linux/el8/STIGbyID/cat2/RHEL-08-020035.sls

@@ -0,0 +1,57 @@
+# Ref Doc:    STIG - RHEL 8 v1r12
+# Finding ID: V-257258
+# Rule ID:    SV-257258r917891_rule
+# STIG ID:    RHEL-08-020035
+# SRG ID:     SRG-OS-000163-GPOS-00072
+#
+# Finding Level: medium
+#
+# Rule Summary:
+#       The Operating System must terminate idle user sessions
+#
+# References:
+#   CCI:
+#     - CCI-001133
+#   NIST SP 800-53 :: SC-10
+#   NIST SP 800-53A :: SC-10.1 (ii)
+#   NIST SP 800-53 Revision 4 :: SC-10
+#
+###########################################################################
+{%- set stig_id = 'RHEL-08-020035' %}
+{%- set helperLoc = 'ash-linux/el8/STIGbyID/cat2/files' %}
+{%- set skipIt = salt.pillar.get('ash-linux:lookup:skip-stigs', []) %}
+{%- set cfgFile = '/etc/systemd/logind.conf' %}
+{%- set cfgParm = 'StopIdleSessionSec' %}
+{%- set cfgValu = '900' %}
+{%- set svcName = 'systemd-logind' %}
+
+script_{{ stig_id }}-describe:
+  cmd.script:
+    - source: salt://{{ helperLoc }}/{{ stig_id }}.sh
+    - cwd: /root
+
+{%- if stig_id in skipIt %}
+notify_{{ stig_id }}-skipSet:
+  cmd.run:
+    - name: 'printf "\nchanged=no comment=''Handler for {{ stig_id }} has been selected for skip.''\n"'
+    - stateful: True
+    - cwd: /root
+{%- else %}
+Set logind idle-session termination timeout:
+  file.replace:
+    - name: '{{ cfgFile }}'
+    - append_if_not_found: True
+    - not_found_content: |-
+
+        # Inserted per {{ stig_id }}
+        {{ cfgParm }}={{ cfgValu }}
+    - pattern: '^(|#)\s*({{ cfgParm }}).*'
+    - repl: '\g<2>={{ cfgValu }}'
+
+service_{{ stig_id }}-{{ cfgFile }}:
+  service.running:
+    - name: '{{ svcName }}'
+    - enable: True
+    - watch:
+      - file: 'Set logind idle-session termination timeout'
+{%- endif %}

ash-linux/el8/STIGbyID/cat2/files/RHEL-08-020035.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Ref Doc:    STIG - RHEL 8 v1r12
+# Finding ID: V-257258
+# Rule ID:    SV-257258r917891_rule
+# STIG ID:    RHEL-08-020035
+# SRG ID:     SRG-OS-000163-GPOS-00072
+#
+# Finding Level: medium
+#
+# Rule Summary:
+#       The Operating System must terminate idle user sessions
+#
+# References:
+#   CCI:
+#     - CCI-001133
+#   NIST SP 800-53 :: SC-10
+#   NIST SP 800-53A :: SC-10.1 (ii)
+#   NIST SP 800-53 Revision 4 :: SC-10
+#
+###########################################################################
+# Standard outputter function
+diag_out() {
+   echo "${1}"
+}
+
+diag_out "--------------------------------------"
+diag_out "STIG Finding ID: V-257258"
+diag_out "     The OS must terminate idle user"
+diag_out "     sessions"
+diag_out "--------------------------------------"

ash-linux/el8/STIGbyID/cat2/init.sls

@@ -10,6 +10,7 @@ include:
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-010671
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-010780
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-010790
+  - ash-linux.el8.STIGbyID.cat2.RHEL-08-020035
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-020040
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-020041
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-020090