more screensaver madness

tstromberg · tstromberg · commit c62a3ef717bf · 2025-08-07T15:54:10.000-04:00
diff --git a/cmd/agent/checks.yaml b/cmd/agent/checks.yaml
@@ -216,23 +216,23 @@ checks:
           - Configure LXQt screen locking
           - Set lockScreenCommand in ~/.config/lxqt/session.conf
           - Install a screen locker like light-locker, xscreensaver, or xlock
-      # LXDE - Only check if LXDE session is running
-      - output: pgrep lxsession >/dev/null && (command -v light-locker || command -v xscreensaver || command -v xlock)
-        exitcode: 1
+      # LXDE - Check if a screen locker is actually running
+      - output: pgrep lxsession >/dev/null && pgrep -l "light-locker|xscreensaver|xautolock|i3lock|slock|xlock"
+        excludes: "light-locker|xscreensaver|xautolock|i3lock|slock|xlock"
         remediation:
-          - Install a screen locker for LXDE
-          - "Linux/FreeBSD: Install light-locker or xscreensaver"
-          - "OpenBSD/NetBSD: Install xlock from packages"
-      # i3 Window Manager - Only check if i3 is running
-      - output: pgrep i3 >/dev/null && (grep "i3lock\|xautolock\|xss-lock" ~/.config/i3/config 2>/dev/null || grep "i3lock\|xautolock\|xss-lock" ~/.i3/config 2>/dev/null)
-        excludes: "i3lock|xautolock|xss-lock"
+          - No screen locker is running for LXDE
+          - Install and configure a screen locker (light-locker, xscreensaver, or xautolock)
+          - Add to ~/.config/lxsession/LXDE/autostart or ~/.config/autostart/
+      # i3 Window Manager - Check if screen locker is running
+      - output: pgrep i3 >/dev/null && pgrep -l "xautolock|xss-lock|xidlehook"
+        excludes: "xautolock|xss-lock|xidlehook"
         remediation:
           - Install and configure screen locking for i3
           - "Install locker: i3lock, slock, or xlock (varies by OS)"
           - "Add to i3 config: 'exec --no-startup-id xss-lock --transfer-sleep-lock -- i3lock -n'"
-      # Openbox Window Manager - Only check if openbox is running
-      - output: pgrep openbox >/dev/null && grep "xautolock\|xss-lock" ~/.config/openbox/autostart 2>/dev/null
-        excludes: "xautolock|xss-lock"
+      # Openbox Window Manager - Check if screen locker is running
+      - output: pgrep openbox >/dev/null && pgrep -l "xautolock|xss-lock|light-locker"
+        excludes: "xautolock|xss-lock|light-locker"
         remediation:
           - Configure screen locking for Openbox
           - "Add to ~/.config/openbox/autostart: 'xautolock -time 15 -locker \"i3lock -c 000000\" &'"
@@ -324,27 +324,27 @@ checks:
         remediation:
           - Set LXQt idle timeout to 15 minutes (900000 ms) or less
           - Configure in LXQt System Settings > Power Management
-      # LXDE - Only check timeout if LXDE session is running
-      - output: pgrep lxsession >/dev/null && (grep "sleep_display_ac" ~/.config/lxsession/LXDE/desktop.conf 2>/dev/null || grep "sleep_display_ac" /etc/xdg/lxsession/LXDE/desktop.conf 2>/dev/null)
-        includes: "sleep_display_ac.*([1-9][6-9]|[2-9][0-9]|[1-9][0-9]{2,})"
+      # LXDE - Check if xautolock is running with proper timeout
+      - output: pgrep lxsession >/dev/null && pgrep -fl "xautolock.*-time"
+        includes: "-time (1[6-9]|[2-9][0-9]|[1-9][0-9]{2,})"
         remediation:
-          - Set LXDE display sleep to 15 minutes or less
-          - Edit ~/.config/lxsession/LXDE/desktop.conf and set sleep_display_ac=15
+          - Configure xautolock with 15 minute timeout or less
+          - "Add to autostart: 'xautolock -time 15 -locker \"light-locker\" &'"
       # Sway - Only check timeout if sway is running
       - output: pgrep sway >/dev/null && grep "timeout" ~/.config/sway/config 2>/dev/null
         includes: "timeout [9][1-9][0-9][0-9]|timeout [1-9][0-9]{4,}"
         remediation:
           - Configure swayidle timeout to 15 minutes (900 seconds) or less
           - "Add to Sway config: 'exec swayidle -w timeout 900 \"swaylock -f\"'"
-      # i3 Window Manager - Only check timeout if i3 is running
-      - output: pgrep i3 >/dev/null && (grep "xautolock.*-time" ~/.config/i3/config 2>/dev/null || grep "xautolock.*-time" ~/.i3/config 2>/dev/null)
-        includes: "-time [1-9][6-9]|-time [2-9][0-9]|-time [1-9][0-9]{2,}"
+      # i3 Window Manager - Check if xautolock is running with proper timeout
+      - output: pgrep i3 >/dev/null && pgrep -fl "xautolock.*-time"
+        includes: "-time (1[6-9]|[2-9][0-9]|[1-9][0-9]{2,})"
         remediation:
           - Configure xautolock timeout to 15 minutes or less
           - "Add to i3 config: 'exec --no-startup-id xautolock -time 15 -locker \"i3lock -c 000000\"'"
-      # Openbox - Only check timeout if openbox is running
-      - output: pgrep openbox >/dev/null && grep "xautolock.*-time" ~/.config/openbox/autostart 2>/dev/null
-        includes: "-time [1-9][6-9]|-time [2-9][0-9]|-time [1-9][0-9]{2,}"
+      # Openbox - Check if xautolock is running with proper timeout
+      - output: pgrep openbox >/dev/null && pgrep -fl "xautolock.*-time"
+        includes: "-time (1[6-9]|[2-9][0-9]|[1-9][0-9]{2,})"
         remediation:
           - Configure xautolock timeout to 15 minutes or less
           - "Add to ~/.config/openbox/autostart: 'xautolock -time 15 -locker \"i3lock -c 000000\" &'"
diff --git a/cmd/agent/main.go b/cmd/agent/main.go
@@ -1017,18 +1017,29 @@ func (*Agent) displayFailedChecks(results map[string]CheckResult, finalOrder []s
 		// Show evidence - command and output for failed checks
 		if len(result.Outputs) > 0 {
 			printLine("   💻 Evidence:")
-			for _, output := range result.Outputs {
+			failedCount := 0
+			for i, output := range result.Outputs {
 				// Skip outputs that didn't fail
 				if !output.Failed {
 					continue
 				}
+				failedCount++
+
+				// If multiple commands were checked, number them
+				if len(result.Outputs) > 1 {
+					printLine("      [Command %d of %d - FAILED]", i+1, len(result.Outputs))
+				}
 
 				// Show command or file that was checked
 				if output.Command != "" {
 					printLine("      Command: %s", output.Command)
 				} else if output.File != "" {
 					printLine("      File: %s", output.File)
 				}
+				// Show why it failed
+				if output.FailReason != "" {
+					printLine("      Failure: %s", output.FailReason)
+				}
 
 				// Show relevant output (truncated for readability)
 				if output.Stdout != "" {
@@ -1045,6 +1056,16 @@ func (*Agent) displayFailedChecks(results map[string]CheckResult, finalOrder []s
 				if output.Stderr != "" && output.Stderr != output.FailReason {
 					printLine("      Error: %s", output.Stderr)
 				}
+				
+				// Add spacing between multiple failed commands
+				if failedCount < len(result.Outputs) && len(result.Outputs) > 1 {
+					for j := i + 1; j < len(result.Outputs); j++ {
+						if result.Outputs[j].Failed {
+							printLine("")
+							break
+						}
+					}
+				}
 			}
 		}
 
@@ -1098,7 +1119,18 @@ func (*Agent) displayAllChecks(results map[string]CheckResult, checkOrder []stri
 		printLine("───────────────────────────────────────────────────────────────")
 
 		// Show all command outputs
-		for _, output := range result.Outputs {
+		for i, output := range result.Outputs {
+			// Show command number if multiple
+			if len(result.Outputs) > 1 {
+				status := "OK"
+				if output.Failed {
+					status = "FAILED"
+				} else if output.Skipped || output.FileMissing {
+					status = "SKIPPED"
+				}
+				printLine("[Command %d of %d - %s]", i+1, len(result.Outputs), status)
+			}
+			
 			if output.Command != "" {
 				printLine("Command: %s", output.Command)
 			} else if output.File != "" {
@@ -1137,9 +1169,12 @@ func (*Agent) displayAllChecks(results map[string]CheckResult, checkOrder []stri
 				}
 			}
 
-			if output.Failed {
+			switch {
+			case output.Failed:
 				printLine("Status: FAILED - %s", output.FailReason)
-			} else {
+			case output.Skipped, output.FileMissing:
+				printLine("Status: SKIPPED")
+			default:
 				printLine("Status: OK")
 			}
 			printLine("")
