Description of problem:
In the pre-release stabilization of the 0.1.81 release, the /per-rule test has revealed an issue in Ansible remediations in rule banner_etc_issue.
The issue is that after remediation, there is an unexpected string reported. appended after the login banner text in /etc/issue. This causes
SCAP Security Guide Version:
Current stabilization branch as of 2025-05-19 as of HEAD 3af66f7
Operating System Version:
happens on all targeted RHEL versions
10.0 RHEL-10.0-updates-20260518.1
10.2 RHEL-10.2-20260507.1
8.10 RHEL-8.10.0-updates-20260517.2
9.2 RHEL-9.2.0-updates-20260517.1
9.4 RHEL-9.4.0-updates-20260517.1
9.6 RHEL-9.6.0-updates-20260517.1
9.8 RHEL-9.8.0-20260409.3
Steps to Reproduce:
- Run
/per-rule/ansible tests for rule banner_etc_issue
Actual Results:
Failing tests
- banner_etc_issue/banner_etc_issue_disa_dod_short.fail
- banner_etc_issue/custom_banner.fail
- banner_etc_issue_net/banner_etc_issue_net_mingetty.fail
- banner_etc_issue_net/banner_etc_issue_net_osid.fail
Rule fails because /etc/issue contains:
I've read & consent to terms in IS user agreem't. reported.
or
This system is made available by ABCD Inc. exclusively for authorized business use. Use may be monitored for technical or regulatory purposes. Do not use this system if you do not consent to such monitoring. Ce système est mis à disposition par la Société ABCD exclusivement pour un usage professionnel autorisé. L'utilisation peut faire l'objet d'une surveillance pour des raisons techniques ou réglementaires. N'utilisez pas ce système si vous n'acceptez pas cette surveillance. reported.
Expected Results:
Test scenarios shouldn't fail.
Additional Information/Debugging Steps:
Issue happens only for the ansible variant, oscap (bash remediations) works fine.
Description of problem:
In the pre-release stabilization of the 0.1.81 release, the
/per-ruletest has revealed an issue in Ansible remediations in rulebanner_etc_issue.The issue is that after remediation, there is an unexpected string
reported.appended after the login banner text in/etc/issue. This causesSCAP Security Guide Version:
Current stabilization branch as of 2025-05-19 as of HEAD 3af66f7
Operating System Version:
happens on all targeted RHEL versions
10.0 RHEL-10.0-updates-20260518.1
10.2 RHEL-10.2-20260507.1
8.10 RHEL-8.10.0-updates-20260517.2
9.2 RHEL-9.2.0-updates-20260517.1
9.4 RHEL-9.4.0-updates-20260517.1
9.6 RHEL-9.6.0-updates-20260517.1
9.8 RHEL-9.8.0-20260409.3
Steps to Reproduce:
/per-rule/ansibletests for rulebanner_etc_issueActual Results:
Failing tests
Rule fails because
/etc/issuecontains:or
Expected Results:
Test scenarios shouldn't fail.
Additional Information/Debugging Steps:
Issue happens only for the ansible variant, oscap (bash remediations) works fine.