From be20e7497cbbf996970651ed4ae1acb0b55239a5 Mon Sep 17 00:00:00 2001
From: "Z. Cliffe Schreuders" <code.cliffe@schreuders.org>
Date: Tue, 4 Feb 2025 11:24:03 +0000
Subject: [PATCH] Update lab

- Fix flags
- Improve time-based access control prompt
- Update regex matching for time configuration verification
- Refine instruction clarity for time-based login restrictions
---
 .../hackerbot_config/hbpam/templates/lab.xml.erb          | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/generators/structured_content/hackerbot_config/hbpam/templates/lab.xml.erb b/modules/generators/structured_content/hackerbot_config/hbpam/templates/lab.xml.erb
index 87bdb405e..5e0a08542 100644
--- a/modules/generators/structured_content/hackerbot_config/hbpam/templates/lab.xml.erb
+++ b/modules/generators/structured_content/hackerbot_config/hbpam/templates/lab.xml.erb
@@ -155,7 +155,7 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen)
     </condition>
     <condition>
 			<output_matches>locked</output_matches>
-      <message>:) Well done! <%= $flags.pop %></message>
+      <message>:) Well done! < %= $flags.pop %></message>
       <trigger_next_attack />
 		</condition>
 		<else_condition>
@@ -188,9 +188,9 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen)
         days_range = days_standard
       end
     %>
-		<prompt>Set up time-based access control to only allow the user <%= $second_user %> to login between <%= start_hour %>:00 and <%= end_hour %>:00 on <%= selected_days.join(' and ') %>.</prompt>
+		<prompt>Set up time-based access control to only allow the user <%= $second_user %> to login between <%= start_hour %>:00 and <%= end_hour %>:00 on <%= selected_days.join(' and ') %>. Use a single line new rule.</prompt>
     <post_command>
-      grep -qE "^\*;\*;<%=$second_user%>;.*((<%=start_time%>-<%=end_time%>.*(<%=days_standard%>|<%=days_range%>))|(<%=days_standard%>|<%=days_range%>).*<%=start_time%>-<%=end_time%>)" /etc/security/time.conf;
+      grep -qE "^[^;]*;([^;]|\||\!)*;<%=$second_user%>;.*((<%=start_time%>-<%=end_time%>\s*(<%=days_standard%>|<%=days_range%>))|(<%=days_standard%>|<%=days_range%>)\s*<%=start_time%>-<%=end_time%>|(<%=selected_days.join('|')%>)\s*<%=start_time%>-<%=end_time%>)" /etc/security/time.conf;
       echo "p0-$?-";
       grep -q "account.*required.*pam_time.so" /etc/pam.d/common-account;
       echo "p1-$?-"
@@ -227,7 +227,7 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen)
 
     <condition>
 			<output_matches>currently blacklisted</output_matches>
-      <message>:) Well done! <%= $flags.pop %></message>
+      <message>:) Well done! < %= $flags.pop %></message>
       <trigger_next_attack />
 		</condition>
 		<else_condition>