Bug
Resolution: Unresolved
Major
Important
insights-security
** Note that this is a public ticket, please refrain from adding any sensitive data. **
Description:
The compliance check related to enabling the SSH warning banner fails consistently, although the file /etc/ssh/sshd_config.d/00-complianceascode-hardening.conf is configured exactly as recommended.
Compliance Check:
Enable SSH Warning Banner (BELL SOC CIS Level 1)
Identifier: CCE-90807-9
Expected Configuration:
The following line exists in /etc/ssh/sshd_config.d/00-complianceascode-hardening.conf:
Banner /etc/issue
Actual Configuration on System:
~~~~~~~~~~~~~~~~~~~~~~~~~~
[root@hostname tmp]# cat /etc/ssh/sshd_config.d/00-complianceascode-hardening.conf
Banner /etc/issue
PermitEmptyPasswords no
X11Forwarding no
IgnoreRhosts yes
PermitUserEnvironment no
LogLevel VERBOSE
~~~~~~~~~~~~~~~~~~~~~~~~~~
Despite this, the check fails.
Through testing, I discovered that the check passes only if the following line is removed from the main SSH configuration file, /etc/ssh/sshd_config:
Banner /etc/issue.net
Oddly, even if Banner /etc/issue.net is present in the 00-complianceascode-hardening.conf file instead, the check still fails, which suggests that the evaluation does not properly handle configurations in sshd_config.d/ or is confused by multiple Banner declarations.
Business Impact:
This bug leads to false negative compliance reports, causing unnecessary remediation steps and compliance noise, which impacts audit preparedness and overall confidence in the system.
Resolution Suggestion:
Please review the backend logic of the compliance check. It should correctly recognize the Banner /etc/issue line in /etc/ssh/sshd_config.d/00-complianceascode-hardening.conf and not be affected by unrelated entries in the main SSH config file.
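The following is an added example, not code from the ticket, from ComplianceAsCode or from OpenSSH. It reproduces the configuration described above in memory and shows the two readings a check can apply to it: sshd's own rule (for each keyword the first value obtained wins, with Include expanded in place in lexical order) versus the stricter reading that no conflicting declaration may exist anywhere. With the RHEL-style `Include /etc/ssh/sshd_config.d/*.conf` near the top of the main file (an assumption about the main file, which the ticket does not show), the drop-in's `Banner /etc/issue` is the effective value while `Banner /etc/issue.net` in sshd_config is still a second, conflicting declaration, which is exactly the situation in which the two readings disagree. The Match-block handling is a deliberate simplification and is labelled as such in the code.

```python
"""Resolve sshd's effective Banner the way sshd does (first value wins,
Include expanded in place) and list every declaration a stricter check
would see.  Runs against an in-memory, constructed configuration."""
import fnmatch
import posixpath
import re

# Constructed sample mirroring the ticket: the drop-in sets Banner /etc/issue,
# the main file sets Banner /etc/issue.net.  Assumption: the main file carries
# the RHEL-style `Include /etc/ssh/sshd_config.d/*.conf` near its top.
FILES = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "Banner /etc/issue.net\n"
        "Subsystem sftp /usr/libexec/openssh/sftp-server\n"
    ),
    "/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf": (
        "Banner /etc/issue\n"
        "PermitEmptyPasswords no\n"
        "X11Forwarding no\n"
        "IgnoreRhosts yes\n"
        "PermitUserEnvironment no\n"
        "LogLevel VERBOSE\n"
    ),
}

# Same files, but with the Include placed below the Banner line in the main file
# (constructed variant, to show that directive order decides the effective value).
FILES_INCLUDE_LAST = dict(FILES)
FILES_INCLUDE_LAST["/etc/ssh/sshd_config"] = (
    "Banner /etc/issue.net\n"
    "Include /etc/ssh/sshd_config.d/*.conf\n"
)

ROOT = "/etc/ssh/sshd_config"
MAX_INCLUDE_DEPTH = 16  # guard against Include loops


def iter_directives(files, path=ROOT, depth=0):
    """Yield (path, lineno, keyword, value) in sshd's read order.

    Blank lines and lines starting with '#' are skipped, keywords are
    case-insensitive and both `key value` and `key=value` are accepted.
    Include patterns are expanded in place against the in-memory file map,
    matching files in lexical order.
    """
    if depth > MAX_INCLUDE_DEPTH:
        raise ValueError("Include nesting too deep at %s" % path)
    for lineno, raw in enumerate(files[path].splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "include":
            for pattern in value.split():
                if not pattern.startswith("/"):
                    # relative Include paths resolve under /etc/ssh
                    pattern = posixpath.join("/etc/ssh", pattern)
                for inc in sorted(p for p in files if fnmatch.fnmatch(p, pattern)):
                    yield from iter_directives(files, inc, depth + 1)
            continue
        yield path, lineno, keyword, value


def declarations(files, keyword):
    """Every global declaration of `keyword`, in read order.

    Simplification: parsing stops at the first Match block, since values
    inside Match apply only to matching connections, not globally.
    """
    wanted = keyword.lower()
    found = []
    for path, lineno, kw, value in iter_directives(files):
        if kw == "match":
            break
        if kw == wanted:
            found.append((path, lineno, value))
    return found


def effective_value(files, keyword):
    """What sshd will actually use: the first value obtained, or None if unset."""
    decls = declarations(files, keyword)
    return decls[0][2] if decls else None


def evaluate_banner(files, expected="/etc/issue"):
    """Judge the Banner rule two ways: by sshd's effective value, and by the
    stricter 'no conflicting declaration anywhere' reading."""
    decls = declarations(files, "Banner")
    effective = decls[0][2] if decls else None
    conflicts = [d for d in decls if d[2] != expected]
    return {
        "effective": effective,
        "effective_ok": effective == expected,
        "conflicts": conflicts,
        "strict_ok": effective == expected and not conflicts,
    }


if __name__ == "__main__":
    for label, cfg in (("Include first", FILES), ("Include last", FILES_INCLUDE_LAST)):
        result = evaluate_banner(cfg)
        print("%s -> effective Banner %s (effective_ok=%s, strict_ok=%s)"
              % (label, result["effective"], result["effective_ok"], result["strict_ok"]))
        for path, lineno, value in result["conflicts"]:
            print("  conflicting declaration: %s:%d Banner %s" % (path, lineno, value))
```

On a real host the authoritative answer for the first reading is `sshd -T | grep -i '^banner'`, which prints the value sshd will actually use after processing every Include; if that shows `/etc/issue` while the check still fails, the check is applying the stricter reading and will not pass until the second `Banner` line in sshd_config is removed or changed to the expected value, regardless of which file holds it.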