RHEL-1820

Incorrect regex syntax in /usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml


      Description of problem:
      Task configure_ssh_crypto_policy in /usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml fails due to a formatting issue in the regexp:

      - name: Configure SSH to use System Crypto Policy
        lineinfile:
          dest: /etc/sysconfig/sshd
          state: absent
          regexp: ^\s*(?i)CRYPTO_POLICY.*$

      Version-Release number of selected component (if applicable):
      scap-security-guide-0.1.66-2.el8_7.noarch

      How reproducible:
      Every time

      Steps to Reproduce:
      1. Install ansible-core and scap-security-guide
      2. Run the provided playbook:

         ansible-playbook -vvv --tags CCE-80939-2 /usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml

      3. Scan fails with a traceback

      Actual results:
      See attached "configure_ssh_crypto_policy.log" file for full output

      Expected results:

      Ansible playbook should run successfully

      Additional info:

      Customer confirmed that replacing the regexp with the following allows the playbook to work as expected:

      (?i)^\s*CRYPTO_POLICY.*$

      The (?i) construct of the expression must be at the beginning of the expression.
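
The check below is an added example, not part of the original report or of scap-security-guide. It uses Python's `re` module, which Ansible's lineinfile uses to compile `regexp`, to flag a misplaced global flag on any Python 3 version and to confirm the corrected pattern still selects the intended lines. The playbook excerpt and sshd lines are constructed samples, the function names are hypothetical, and the line-based `regexp:` scan assumes unquoted single-line values.

```python
import re
import warnings

# Constructed playbook excerpt: the task from the report and the corrected one.
PLAYBOOK = r"""
- name: Configure SSH to use System Crypto Policy
  lineinfile:
    dest: /etc/sysconfig/sshd
    state: absent
    regexp: ^\s*(?i)CRYPTO_POLICY.*$
- name: Same task with the flag moved to the front
  lineinfile:
    dest: /etc/sysconfig/sshd
    state: absent
    regexp: (?i)^\s*CRYPTO_POLICY.*$
"""

# Constructed /etc/sysconfig/sshd lines for the matching check.
SAMPLE_SSHD = ["# crypto policy override", "CRYPTO_POLICY='-oCiphers=aes256-ctr'",
               "  crypto_policy=", "OPTIONS=-u0"]


def check_regexp(pattern):
    """Return None if the pattern compiles cleanly, else the reason it does not."""
    re.purge()  # a cached compile would hide the warning
    with warnings.catch_warnings():
        # Python 3.6-3.10 only warn about a misplaced global flag; 3.11+ raise
        # re.error. Promoting the warning gives one verdict on both.
        warnings.simplefilter("error", DeprecationWarning)
        try:
            re.compile(pattern)
        except (re.error, DeprecationWarning) as exc:
            return str(exc)
    return None


def audit_playbook(text):
    """List (line number, pattern, problem) for each bad unquoted `regexp:` value."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        key, sep, value = line.strip().partition(": ")
        if key == "regexp" and sep and check_regexp(value) is not None:
            findings.append((number, value, check_regexp(value)))
    return findings


def lines_removed(pattern, lines):
    """Lines a state=absent task would delete, modelled as re.search per line."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]
```

Running `audit_playbook` over a playbook before deployment surfaces this class of failure even on hosts whose older Python would only emit a warning.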

            vpolasek@redhat.com Vojtech Polasek
            rhn-support-lagordon Lark Gordon
            Vojtech Polasek Vojtech Polasek
            Milan Lysonek Milan Lysonek