RHEL-1904

[RHEL8.8/SCAP/Bug] sudo logfile not handling whitespace around = character

    • Normal
    • sst_security_compliance
    • ssg_security

      Description of problem:

      The SCAP check xccdf_org.ssgproject.content_rule_sudo_custom_logfile is failing on the correctly working sudo configuration that defines the logfile:

      Snippet from /etc/sudoers
      Defaults logfile = /var/log/sudo
      Defaults loglinelen = 0

      The problem is the missing whitespace handling before and after the '='. This is clearly visible in the Pattern used: '^[\s]Defaults[\s]\blogfile=("(?:\\"|\\\\|[^"\\\n])"\B|[^"](??:\\,|\\"|
      |\\\\|[^", \\\n])
      )\b).*$' that has no whitespace pattern before and after the '=' character

      Bug is still present in the latest 0.1.69 version freshly released a few hours ago for 8.6-EUS.

      How Reproducible:

      Reproducer is to add the snippet above to /etc/sudoers, run the CIS-L1 SCAP check, and notice that the sudo logfile rule is failing.

      Version-Release number of selected component (if applicable):
      Package - openscap-1.3.8-1.el8_6.x86_64.rpm

      Actual results:

      Incorrect security reporting for a valid configuration, leading to discussions about why the rule failed.

      Additional info:

      Spending time to open this case and follow-ups in answering questions in the case

            jcerny@redhat.com Jan Cerny
            rhn-support-rdulhani Rajesh Dulhani
            Vojtech Polasek Vojtech Polasek
            Milan Lysonek Milan Lysonek
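The whitespace gap described in this report, as an added example that is not part of the original issue or of the SCAP content: a simplified strict pattern beside a whitespace-tolerant one, run over constructed sudoers snippets. The patterns, function names and sample lines are assumptions for illustration, not the rule's actual OVAL regex or its fix.

```python
import re

# Simplified value part (assumption): a double-quoted string or a bare path.
_VALUE = r'("(?:\\"|\\\\|[^"\\\n])*"|[^"\s,][^\s,]*)'

# STRICT mirrors the reported behaviour: '=' must directly follow 'logfile'.
STRICT = re.compile(r'^[ \t]*Defaults[ \t]*\blogfile=' + _VALUE + r'.*$', re.M)
# TOLERANT allows spaces or tabs on either side of '=', which sudo accepts.
TOLERANT = re.compile(
    r'^[ \t]*Defaults[ \t]*\blogfile[ \t]*=[ \t]*' + _VALUE + r'.*$', re.M)


def find_logfile(pattern, sudoers_text):
    """Return the configured logfile path, or None if no line matches."""
    match = pattern.search(sudoers_text)
    if match is None:
        return None
    return match.group(1).strip('"')


def is_false_fail(sudoers_text):
    """True when the setting exists but the strict pattern misses it."""
    return (find_logfile(TOLERANT, sudoers_text) is not None
            and find_logfile(STRICT, sudoers_text) is None)


# Constructed sample inputs (not taken from a real system).
SAMPLES = {
    "spaces around '='": "Defaults logfile = /var/log/sudo\n"
                         "Defaults loglinelen = 0\n",
    "no spaces": "Defaults logfile=/var/log/sudo\n",
    "tabs and quotes": 'Defaults\tlogfile\t=\t"/var/log/sudo log"\n',
    "commented out": "# Defaults logfile = /var/log/sudo\n",
    "setting absent": "Defaults loglinelen = 0\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:20} strict={find_logfile(STRICT, text)!r:18} "
              f"tolerant={find_logfile(TOLERANT, text)!r:22} "
              f"false_fail={is_false_fail(text)}")
```

Running a comparison like this over a fleet's sudoers files separates hosts that truly lack the setting from hosts that only trip the strict pattern.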