Bug
Resolution: Done-Errata
rhel-8.8.0
Moderate
sst_security_compliance
ssg_security
x86_64
Description of problem:
The SCAP check xccdf_org.ssgproject.content_rule_sudo_custom_logfile is failing on the correctly working sudo configuration that defines the logfile:
Snippet from /etc/sudoers:
~~~
Defaults logfile = /var/log/sudo
Defaults loglinelen = 0
~~~
The problem is the missing whitespace handling before and after the '='. This is clearly visible in the Pattern used: '^[\s]Defaults[\s]\blogfile=("(?:\\"|\\\\|[^"\\\n])"\B|[^"](??:\\,|\\"|
|\\\\|[^", \\\n]))\b).*$' that has no whitespace pattern before and after the '=' character.
Bug is still present in the latest 0.1.69 version freshly released a few hours ago for 8.6-EUS.
How Reproducible:
The reproducer is to add the snippet above to /etc/sudoers, run the CIS-L1 SCAP check, and notice that the sudo logfile rule is failing.
Version-Release number of selected component (if applicable):
Package - openscap-1.3.8-1.el8_6.x86_64.rpm
Actual results:
Incorrect security reporting for a valid configuration, leading to discussions about why the rule failed.
Additional info:
Spending time to open this case and on follow-ups answering questions in the case.
Links to: RHBA-2024:128049 scap-security-guide bug fix and enhancement update
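The whitespace problem described in this report, as an added example that is not part of the original report or of the scap-security-guide project. `STRICT` is a simplified stand-in for a check that allows no blanks around `=` (an assumption, not the rule's actual pattern), `TOLERANT` accepts them, and all sample sudoers text other than the reporter's snippet is constructed.

```python
import re

# Simplified stand-in for a check with no whitespace handling around '='
# (assumption: this is NOT the rule's real pattern, only the same weakness).
STRICT = re.compile(
    r'^[ \t]*Defaults[ \t]+logfile=("[^"\n]+"|[^",\s]+)[ \t]*(?:#.*)?$')

# Same check, but blanks are accepted on both sides of '='.
TOLERANT = re.compile(
    r'^[ \t]*Defaults[ \t]+logfile[ \t]*=[ \t]*("[^"\n]+"|[^",\s]+)[ \t]*(?:#.*)?$')


def find_logfile(sudoers_text, pattern):
    """Return the path from the last matching Defaults line, or None."""
    found = None
    for line in sudoers_text.splitlines():
        m = pattern.match(line)
        if m:
            found = m.group(1).strip('"')  # quoted and bare values compare equal
    return found


def evaluate(sudoers_text, expected="/var/log/sudo"):
    """Compare both patterns against the expected logfile path."""
    return {
        "strict": find_logfile(sudoers_text, STRICT) == expected,
        "tolerant": find_logfile(sudoers_text, TOLERANT) == expected,
    }


# Reporter's snippet from the description above.
REPORTED = "Defaults logfile = /var/log/sudo\nDefaults loglinelen = 0\n"
# Constructed samples covering the other spellings of the same setting.
COMPACT = "Defaults logfile=/var/log/sudo\n"
QUOTED = 'Defaults\tlogfile = "/var/log/sudo"  # audit trail\n'
COMMENTED = "# Defaults logfile = /var/log/sudo\n"

if __name__ == "__main__":
    for name, text in [("reported", REPORTED), ("compact", COMPACT),
                       ("quoted", QUOTED), ("commented", COMMENTED)]:
        print(name, evaluate(text))
```

The reporter's snippet passes only the tolerant pattern, while a commented-out line passes neither, so accepting blanks does not turn a disabled setting into a pass.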