Bug
Resolution: Done-Errata
rhel-8.7.0
sst_security_compliance
ssg_security
Description of problem:
Task configure_ssh_crypto_policy in /usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml fails due to a formatting issue in the regexp:
- name: Configure SSH to use System Crypto Policy
  lineinfile:
    dest: /etc/sysconfig/sshd
    state: absent
    regexp: ^\s*(?i)CRYPTO_POLICY.*$
Version-Release number of selected component (if applicable):
scap-security-guide-0.1.66-2.el8_7.noarch
How reproducible:
Every time
Steps to Reproduce:
1. Install ansible-core and scap-security-guide
2. Run the provided playbook:
- ansible-playbook -vvv --tags CCE-80939-2 /usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml
3. Scan fails with a traceback
Actual results:
See attached "configure_ssh_crypto_policy.log" file for full output
Expected results:
Ansible playbook should run successfully
Additional info:
Customer confirmed that replacing the regexp with the following allows the playbook to work as expected:
(?i)^\s*CRYPTO_POLICY.*$
The (?i) construct of the expression must be at the beginning of the expression.
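
An added example, not part of the original report or of scap-security-guide: it checks the two regexps above against Python's re module, which rejects a global inline flag that is not at the start of the pattern (a DeprecationWarning in Python 3.6 to 3.10, an error from 3.11), and applies the accepted one to a constructed /etc/sysconfig/sshd sample. The helper names and the scoped-flag variant (?i:...) are assumptions introduced for illustration.

```python
import re
import warnings

BROKEN = r"^\s*(?i)CRYPTO_POLICY.*$"   # regexp from the failing task
FIXED = r"(?i)^\s*CRYPTO_POLICY.*$"    # regexp the customer confirmed
SCOPED = r"^\s*(?i:CRYPTO_POLICY).*$"  # alternative (assumption, not from the report)

# Constructed sample of /etc/sysconfig/sshd content.
SAMPLE = """\
# Configuration file for the sshd service.
SSH_USE_STRONG_RNG=0
CRYPTO_POLICY='-oCiphers=aes256-ctr'
  crypto_policy=
# CRYPTO_POLICY=
"""


def try_compile(pattern):
    """Return a compiled regex, or None if Python rejects or deprecates it."""
    with warnings.catch_warnings():
        # Python 3.6-3.10 only warn about a misplaced global flag; 3.11+ raise re.error.
        warnings.simplefilter("error", DeprecationWarning)
        try:
            return re.compile(pattern)
        except (re.error, DeprecationWarning):
            return None


def remove_matching_lines(text, pattern):
    """Approximate lineinfile state=absent: drop every line the regexp matches."""
    rx = try_compile(pattern)
    if rx is None:
        raise ValueError(f"regexp not accepted by Python re: {pattern!r}")
    kept = [line for line in text.splitlines() if not rx.search(line)]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for name, pat in (("broken", BROKEN), ("fixed", FIXED), ("scoped", SCOPED)):
        print(name, "compiles" if try_compile(pat) else "rejected")
    print(remove_matching_lines(SAMPLE, FIXED), end="")
```

The commented-out `# CRYPTO_POLICY=` line survives because the pattern only allows whitespace before the variable name.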
Links to: RHBA-2024:128049 scap-security-guide bug fix and enhancement update