1

I wrote a hardening script for CentOS workstation and I'm stuck on a process for Cent6 systems where I want to remove the login screen and have the user enter their login ID.

The file is: 

/etc/gconf/gconf.xml.defaults/%gconf-tree.xml

Here is the line I am trying to edit: 

<entry name="disable_user_list" mtime="1558109430" type="schema" stype="bool" owner="gdm-simple-greeter" gettext_domain="gdm">
  <local_schema locale="C" short_desc="Do not show known users in the login window">
     <default type="bool" value="false"/>
     <longdesc>Set to true to disable showing known users in the login window.</longdesc>
   </local_schema>
</entry>

The line I need to edit is: 

value="false"

to:

value="true"

Because there are more than one "disabe_user_list" in this file, I am not sure how I can use inlinefile option to edit this specific field. I'm pretty sure there might be a regex I could use but I couldn't figure it out.

Anyone have any ideas?

Ryszard Czech
  • 18,032
  • 4
  • 24
  • 37
user2246706
  • 33
  • 5

1 Answers1

1

TL;DR;

Here is a possible solution for you

- xml:
    path: /etc/gconf/gconf.xml.defaults/%gconf-tree.xml
    xpath: "/entry[@name='disable_user_list']/local_schema[@short_desc='Do not show known users in the login window']/default[@type='bool']"
    attribute: value
    value: "true"

The xml module seems to be a better alternative than doing a regex.

This could be a solution for you, but, of course, you'll have to validate this with the other disabe_user_list entries that you might have in your file.

The XPath in this playbook consider that this entry is unique based on the facts that:

  1. the entry node is named disable_user_list
  2. the local_schema node under entry have a short_desc reading `Do not show known users in the login window``
  3. the default node under local_schema is of type: bool

Based on that, the task would target the value attribute and set it to true.

Given this playbook

- hosts: local
  gather_facts: no

  tasks:
    - xml:
        path: /etc/gconf/gconf.xml.defaults/%gconf-tree.xml
        xpath: "/entry[@name='disable_user_list']/local_schema[@short_desc='Do not show known users in the login window']/default[@type='bool']"
        attribute: value
        value: "true"

Here is an example of execution

cat /etc/gconf/gconf.xml.defaults/%gconf-tree.xml && ansible-playbook play.yml && cat /etc/gconf/gconf.xml.defaults/\%gconf-tree.xml 

<?xml version='1.0' encoding='UTF-8'?>
<entry name="disable_user_list" mtime="1558109430" type="schema" stype="bool" owner="gdm-simple-greeter" gettext_domain="gdm">
  <local_schema locale="C" short_desc="Do not show known users in the login window">
     <default type="bool" value="false"/>
     <longdesc>Set to true to disable showing known users in the login window.</longdesc>
   </local_schema>
</entry>

PLAY [local] ***********************************************************************************************************************************************************************************************

TASK [xml] *************************************************************************************************************************************************************************************************
changed: [local]

PLAY RECAP *************************************************************************************************************************************************************************************************
local                      : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 

<?xml version='1.0' encoding='UTF-8'?>
<entry name="disable_user_list" mtime="1558109430" type="schema" stype="bool" owner="gdm-simple-greeter" gettext_domain="gdm">
  <local_schema locale="C" short_desc="Do not show known users in the login window">
     <default type="bool" value="true"/>
     <longdesc>Set to true to disable showing known users in the login window.</longdesc>
   </local_schema>
</entry>
β.εηοιτ.βε
  • 33,893
  • 13
  • 69
  • 83