From 5d79543340be5ae0501c43d56cf73d0ad4119d85 Mon Sep 17 00:00:00 2001
From: Louis Abel
Date: Fri, 21 Apr 2023 21:46:27 -0700
Subject: [PATCH] fix tlogging
---
 init-rocky-session-recording.yml | 4 ++--
 init-rocky-system-config.yml | 4 ++++
 templates/etc/tlog/tlog-rec-session.conf | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/init-rocky-session-recording.yml b/init-rocky-session-recording.yml
index 027ecf4..5a733fa 100644
--- a/init-rocky-session-recording.yml
+++ b/init-rocky-session-recording.yml
@@ -3,7 +3,7 @@
 # linux-system-roles.tlog role, but with modifications. The expectation
 # is that the system is enrolled to FreeIPA.
 - name: Configure session recording
- hosts: all
+ hosts: "{{ host|default('all') }}"
 become: true
 # This is to try to avoid the handler issue in pre/post tasks
@@ -24,7 +24,7 @@
 fail_msg: "/etc/no-ansible exists - skipping run on this node"
 tasks:
- - name: Loading Variables from OS Common
+ - name: Configure session recording for the designated system
 import_tasks: tasks/tlog.yml
 post_tasks:
diff --git a/init-rocky-system-config.yml b/init-rocky-system-config.yml
index e268b65..b4e4ff6 100644
--- a/init-rocky-system-config.yml
+++ b/init-rocky-system-config.yml
@@ -50,6 +50,10 @@
 - name: Configure common skel items
 ansible.builtin.import_tasks: tasks/skel.yml
+ - name: Configure tlog for secure systems
+ import_tasks: tasks/tlog.yml
+ when: "'secureboot' in group_names"
+
 post_tasks:
 - name: Touching run file that ansible has ran here
 ansible.builtin.file:
diff --git a/templates/etc/tlog/tlog-rec-session.conf b/templates/etc/tlog/tlog-rec-session.conf
index a39d235..6158cf7 100644
--- a/templates/etc/tlog/tlog-rec-session.conf
+++ b/templates/etc/tlog/tlog-rec-session.conf
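Review bot: In init-rocky-session-recording.yml, `hosts: "{{ host|default('all') }}"` falls back to every host whenever `host` is unset, so a mistyped extra-var name silently widens the run to the whole inventory instead of failing. The previous value was `all`, so the default keeps existing behaviour, but the new variable is undocumented. A comment above the line such as `# Limit with -e host=<pattern>; defaults to all hosts` would make the intent explicit for operators. The play continues outside the hunk.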
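Review bot: In init-rocky-system-config.yml, the added task uses the short form `import_tasks` while the task directly above it uses `ansible.builtin.import_tasks`; writing it as `ansible.builtin.import_tasks: tasks/tlog.yml` keeps module resolution consistent within the play. tasks/tlog.yml was until now imported only from init-rocky-session-recording.yml, whose comment mentions a handler issue, so if those tasks notify handlers or read variables defined in that playbook, this play needs them too; the task file is not visible here, so this should be confirmed. Recording is gated on the `secureboot` inventory group while the task name says "secure systems", and a host left out of that group is skipped without any signal, so a comment like `# tlog is applied only to hosts in the secureboot group` would make the criterion explicit. The play's task list starts above the hunk.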
@@ -10,7 +10,7 @@
 // A message which will be printed before starting
 // recording and the user shell. Can be used to warn
 // the user that the session is recorded.
- "notice" : "\n** Session recording now in progress\n\n",
+ "notice" : "\nATTENTION! Your session is being recorded!\n\n",
 // The number of seconds to cache captured data for before logging.
 // The encoded data which does not reach payload size