diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml
index 5449c82967a..d1a4ab494f6 100644
--- a/controls/stig_rhel9.yml
+++ b/controls/stig_rhel9.yml
@@ -2567,7 +2567,7 @@ controls:
- medium
title: RHEL 9 must ensure session control is automatically started at shell initialization.
rules:
- - configure_bashrc_exec_tmux
+ - configure_bashrc_tmux
status: automated
- id: RHEL-09-412020
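Review bot: RHEL-09-412015 now selects configure_bashrc_tmux, and nothing on the control records why. Judging by its name and by the `exec` this commit restores in configure_bashrc_exec_tmux, that rule launches plain `tmux`. Without `exec` the login shell stays alive underneath tmux, so exiting or detaching returns the user to a shell that the tmux session lock does not cover. If the STIG text mandates that form, a `notes:` entry on the control would record the trade-off, for example `notes: STIG text specifies tmux without exec; the parent shell remains reachable after tmux exits`. The control's `id` and `levels` lines are outside this hunk.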
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
index 5c6dd41e1d0..75395cf61a7 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
@@ -8,14 +8,14 @@
ansible.builtin.find:
paths: '/etc'
patterns: 'bashrc'
- contains: '.*case "$name" in sshd|login\) tmux ;; esac.*'
+ contains: '.*case "$name" in sshd|login\) exec tmux ;; esac.*'
register: tmux_in_bashrc
- name: "{{{ rule_title }}}: Determine If the Tmux Launch Script Is Present in /etc/profile.d/*.sh"
ansible.builtin.find:
paths: '/etc/profile.d'
patterns: '*.sh'
- contains: .*case "$name" in sshd|login\) tmux ;; esac.*
+ contains: .*case "$name" in sshd|login\) exec tmux ;; esac.*
register: tmux_in_profile_d
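Review bot: Both `contains` patterns leave `$` and `|` unescaped, and `ansible.builtin.find` compiles `contains` as a Python regular expression. There `$` is an end-of-line anchor and `|` splits the pattern into two alternatives, so neither alternative looks able to match the indented `case "$name" in sshd|login) exec tmux ;; esac` line. If the `when:` on the insert task (outside this hunk) keys off these results, the probe always reports "not found" and idempotence rests on the insert step alone. Escaping both characters fixes the probe: `contains: '.*case "\$name" in sshd\|login\) exec tmux ;; esac.*'`. The second pattern should also be single-quoted like the first, since it is currently a plain scalar carrying `"`, `$` and `\`.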
- name: "{{{ rule_title }}}: Insert the Correct Script into /etc/profile.d/tmux.sh"
@@ -25,7 +25,7 @@
if [ "$PS1" ]; then
parent=$(ps -o ppid= -p $$)
name=$(ps -o comm= -p $parent)
- case "$name" in sshd|login) tmux ;; esac
+ case "$name" in sshd|login) exec tmux ;; esac
fi
create: true
when:
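Review bot: With `exec` the login shell is replaced by tmux, so if tmux exits at start-up (for instance because it cannot open the terminal) the sshd or console session ends with it and the user has no shell to fall back to. That is the hardening the rule is after, but the operational consequence is not documented next to the task. A YAML comment above it would help, e.g. `# exec replaces the login shell: a tmux start-up failure ends the session, keep out-of-band access during rollout`. The task's name and module lines are outside this hunk.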
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh
index 3d056e4cf45..e139c3d494e 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh
@@ -4,12 +4,12 @@
# complexity = low
# disruption = low
-if ! grep -x ' case "$name" in sshd|login) tmux ;; esac' /etc/bashrc; then
+if ! grep -x ' case "$name" in sshd|login) exec tmux ;; esac' /etc/bashrc; then
cat >> /etc/profile.d/tmux.sh <<'EOF'
if [ "$PS1" ]; then
parent=$(ps -o ppid= -p $$)
name=$(ps -o comm= -p $parent)
- case "$name" in sshd|login) tmux ;; esac
+ case "$name" in sshd|login) exec tmux ;; esac
fi
EOF
chmod 0644 /etc/profile.d/tmux.sh
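Review bot: The guard greps only `/etc/bashrc`, while the body appends with `cat >>` to `/etc/profile.d/tmux.sh`, so the condition stays true after a successful run and every further run appends another copy of the block. A host remediated before this change also keeps its old plain `tmux` line in that file, and that line runs ahead of the new `exec tmux` one. Writing the file with `cat >` instead of `cat >>`, or adding `/etc/profile.d/tmux.sh` to the grep's file list together with `-s`, would make the remediation repeatable. The `if` closes outside this hunk.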
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/oval/shared.xml
index e3c4b6ef0e5..58f91eadf66 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/oval/shared.xml
@@ -1,7 +1,7 @@
$ sudo grep tmux /etc/bashrc /etc/profile.d/* - /etc/profile.d/tmux.sh: case "$name" in (sshd|login) tmux ;; esac+ /etc/profile.d/tmux.sh: case "$name" in (sshd|login) exec tmux ;; esac Review the tmux script by using the following example: @@ -48,7 +48,7 @@ ocil: |- if [ "$PS1" ]; then parent=$(ps -o ppid= -p $$) name=$(ps -o comm= -p $parent) - case "$name" in (sshd|login) tmux ;; esac + case "$name" in (sshd|login) exec tmux ;; esac fi If the shell file is not configured as the example above, is commented out, or is missing, this is a finding. @@ -63,7 +63,7 @@ fixtext: |- if [ "$PS1" ]; then parent=$(ps -o ppid= -p $$) name=$(ps -o comm= -p $parent) - case "$name" in sshd|login) tmux ;; esac + case "$name" in sshd|login) exec tmux ;; esac fi Then, ensure a correct mode of /etc/profile.d/tmux.sh using this command: diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value.pass.sh index 77b7a61a5b9..fbc7590f27d 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value.pass.sh +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value.pass.sh @@ -5,7 +5,7 @@ cat >> /etc/bashrc <<'EOF' if [ "$PS1" ]; then parent=$(ps -o ppid= -p $$) name=$(ps -o comm= -p $parent) - case "$name" in sshd|login) tmux ;; esac + case "$name" in sshd|login) exec tmux ;; esac fi EOF 
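Review bot: The `ocil` example writes the case pattern as `(sshd|login)` with an opening parenthesis, whereas `fixtext` and the Ansible and Bash remediations write `sshd|login)` without one. Both spellings are valid shell, but the OCIL text calls a file "not configured as the example above" a finding, so a reviewer comparing by eye could fail a host the remediation has just fixed. Using one spelling across `ocil`, `fixtext` and the remediations removes that ambiguity. Which spelling to keep depends on what the OVAL check accepts, and its content is not visible here.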
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value_d_directory.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value_d_directory.pass.sh index c0ddc93e5ef..6107f86f248 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value_d_directory.pass.sh +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/correct_value_d_directory.pass.sh @@ -6,7 +6,7 @@ cat >> /etc/profile.d/00-complianceascode.conf <<'EOF' if [ "$PS1" ]; then parent=$(ps -o ppid= -p $$) name=$(ps -o comm= -p $parent) - case "$name" in sshd|login) tmux ;; esac + case "$name" in sshd|login) exec tmux ;; esac fi EOF diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/duplicate_value_multiple_files.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/duplicate_value_multiple_files.pass.sh index 120541cd056..c662221eca1 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/duplicate_value_multiple_files.pass.sh +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/tests/duplicate_value_multiple_files.pass.sh @@ -5,7 +5,7 @@ cat >> /etc/profile.d/00-complianceascode.conf <<'EOF' if [ "$PS1" ]; then parent=$(ps -o ppid= -p $$) name=$(ps -o comm= -p $parent) - case "$name" in sshd|login) tmux ;; esac + case "$name" in sshd|login) exec tmux ;; esac fi EOF 
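Review bot: This pass scenario puts the launch script in `/etc/profile.d/00-complianceascode.conf`, as does the first block of duplicate_value_multiple_files.pass.sh after it. On RHEL, `/etc/profile` and `/etc/bashrc` source `/etc/profile.d/*.sh`, and the Ansible probe in this rule also searches `*.sh`. If the check really passes on a `.conf` file, a host can scan as compliant while no login shell ever runs the tmux line. Renaming the fixture to something like `00-complianceascode.sh` would test the effective case. A companion `.fail.sh` scenario for a non-`.sh` file would pin the check down, assuming the OVAL is meant to reject it.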
@@ -13,7 +13,7 @@ cat >> /etc/bashrc <<'EOF' if [ "$PS1" ]; then parent=$(ps -o ppid= -p $$) name=$(ps -o comm= -p $parent) - case "$name" in sshd|login) tmux ;; esac + case "$name" in sshd|login) exec tmux ;; esac fi EOF diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml index 0afa3d15581..80bdc7a3c8e 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml @@ -20,6 +20,7 @@ severity: medium identifiers: cce@rhel8: CCE-90782-4 + cce@rhel9: CCE-86073-4 references: @@ -27,6 +28,7 @@ references: srg: SRG-OS-000031-GPOS-00012,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011 stigid@ol8: OL08-00-020041 stigid@rhel8: RHEL-08-020041 + stigid@rhel9: RHEL-09-412015 platform: package[tmux] diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt index 80c5472525f..a2172147a19 100644 --- a/shared/references/cce-redhat-avail.txt +++ b/shared/references/cce-redhat-avail.txt @@ -1,4 +1,3 @@ -CCE-86073-4 CCE-86074-2 CCE-86076-7 CCE-86078-3