From 3f1fdf77f923bb9f25a1c154873dbca7db8d8573 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 3 Sep 2020 18:07:37 +0200
Subject: [PATCH 1/2] update ocil

---
 .../disable_ctrlaltdel_reboot/rule.yml        | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
index 12aa2bc108..09a9af5176 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
@@ -72,15 +72,20 @@ ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed'
 ocil: |-
 {{% if product == "rhel6" %}}
     To ensure the system is configured to log a message instead of rebooting the
-    system when Ctrl-Alt-Del is pressed, ensure the following line is in
-    <tt>/etc/init/control-alt-delete.conf</tt>:
+    system when Ctrl-Alt-Del is pressed, run the following command:
+    <pre>sudo grep logger /etc/init/control-alt-delete.conf</pre>
+    The output should contain a line resembling the following one:
     <pre>exec /usr/bin/logger -p security.info "Control-Alt-Delete pressed"</pre>
 {{% else %}}
-    To ensure the system is configured to mask the Ctrl-Alt-Del sequence,
-    enter the following command:
-    <pre>$ sudo ln -sf /dev/null /etc/systemd/system/ctrl-alt-del.target</pre>
-    or
-    <pre>$ sudo systemctl mask ctrl-alt-del.target</pre>
+    To ensure the system is configured to mask the Ctrl-Alt-Del sequence, Check
+    that the ctrl-alt-del.target is masked and not active with the following
+    command:
+    <pre>sudo systemctl status ctrl-alt-del.target</pre>
+    The output should indicate that the target is masked and not active. It
+    might resemble following output:
+    <pre>ctrl-alt-del.target
+    Loaded: masked (/dev/null; bad)
+    Active: inactive (dead)</pre>
 {{% endif %}}
 
 warnings:

From b8fe86828425bdd423fabb2e6950b2d7f7f636a5 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 3 Sep 2020 18:07:54 +0200
Subject: [PATCH 2/2] add tests

---
 .../disable_ctrlaltdel_reboot/tests/masked.pass.sh            | 4 ++++
 .../disable_ctrlaltdel_reboot/tests/not_masked.fail.sh        | 4 ++++
 2 files changed, 8 insertions(+)
 create mode 100644 linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
 create mode 100644 linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh

diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
new file mode 100644
index 0000000000..79a1398a4e
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora
+
+systemctl mask ctrl-alt-del.target
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
new file mode 100644
index 0000000000..74342f0251
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora
+
+systemctl unmask ctrl-alt-del.target