Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1820

Incorrect regex syntax in /usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml

    • None
    • Moderate
    • rhel-sst-security-compliance
    • ssg_security
    • 26
    • None
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • None

      Description of problem:
      Task configure_ssh_crypto_policy in /usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml fails due to a formatting issue in the regexp:

      • name: Configure SSH to use System Crypto Policy
        lineinfile:
        dest: /etc/sysconfig/sshd
        state: absent
        regexp: ^\s*(?i)CRYPTO_POLICY.*$

      Version-Release number of selected component (if applicable):
      scap-security-guide-0.1.66-2.el8_7.noarch

      How reproducible:
      Every time

      Steps to Reproduce:
      1. Install ansible-core and scap-security-guide
      2. Run the provided playbook:

      1. ansible-playbook -vvv --tags CCE-80939-2 /usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml

      3. Scan fails with a traceback

      Actual results:
      See attached "configure_ssh_crypto_policy.log" file for full output

      Expected results:

      Ansible playbook should run successfully

      Additional info:

      Customer comfirmed that replacing the regexp with the following allows the playbook to work as expected:

      (?i)^\s*CRYPTO_POLICY.*$

      The (?i) construct of the expression must be at the beginning of the expression.

              vpolasek@redhat.com Vojtech Polasek
              rhn-support-lagordon Kaitlin Gordon
              Vojtech Polasek Vojtech Polasek
              Milan Lysonek Milan Lysonek
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: