Store plain login banner text in XCCDF Value

controls/ccn_ol9.yml

@@ -623,10 +623,15 @@ controls:
           - banner_etc_motd
           - dconf_gnome_banner_enabled
           - dconf_gnome_login_banner_text
+          - dconf_login_banner_text=cis_default
+          - dconf_login_banner_contents=cis_default
           - sshd_enable_warning_banner_net
           - login_banner_text=cis_default
+          - login_banner_contents=cis_default
           - motd_banner_text=cis_default
+          - motd_banner_contents=cis_default
           - remote_login_banner_text=cis_default
+          - remote_login_banner_contents=cis_default
 
     - id: A.11.SEC-OL5
       title: Network Acess to the System is Controlled

controls/cis_al2023.yml

@@ -468,6 +468,7 @@ controls:
       rules:
           - banner_etc_motd
           - motd_banner_text=cis_banners
+          - motd_banner_contents=cis_default
 
     - id: 1.7.2
       title: Ensure local login warning banner is configured properly (Automated)
@@ -477,6 +478,7 @@ controls:
       rules:
           - banner_etc_issue
           - login_banner_text=cis_banners
+          - login_banner_contents=cis_default
 
     - id: 1.7.3
       title: Ensure remote login warning banner is configured properly (Automated)
@@ -486,6 +488,7 @@ controls:
       rules:
           - banner_etc_issue_net
           - remote_login_banner_text=cis_banners
+          - remote_login_banner_contents=cis_default
 
     - id: 1.7.4
       title: Ensure permissions on /etc/motd are configured (Automated)

controls/cis_almalinux9.yml

@@ -691,7 +691,8 @@ controls:
       rules:
           - dconf_gnome_banner_enabled
           - dconf_gnome_login_banner_text
-          - login_banner_text=cis_banners
+          - dconf_login_banner_text=cis_banners
+          - dconf_login_banner_contents=cis_default
 
     - id: 1.8.3
       title: Ensure GDM disable-user-list option is enabled (Automated)

controls/cis_debian12.yml

@@ -540,7 +540,8 @@ controls:
           - l1_server
           - l1_workstation
       rules:
-          - login_banner_text=cis_default
+          - dconf_login_banner_text=cis_default
+          - dconf_login_banner_contents=cis_default
           - dconf_gnome_banner_enabled
           - dconf_gnome_login_banner_text
       status: automated

controls/cis_fedora.yml

@@ -710,7 +710,8 @@ controls:
       rules:
           - dconf_gnome_banner_enabled
           - dconf_gnome_login_banner_text
-          - login_banner_text=cis_banners
+          - dconf_login_banner_text=cis_banners
+          - dconf_login_banner_contents=cis_default
 
     - id: 1.8.2
       title: Ensure GDM disable-user-list is configured (Automated)

controls/cis_sle12.yml

@@ -457,6 +457,7 @@
       rules:
           - banner_etc_motd
           - motd_banner_text=cis_banners
+          - motd_banner_contents=cis_default
 
     - id: 1.8.1.2
       title: Ensure local login warning banner is configured properly (Automated)
@@ -467,6 +468,7 @@
       rules:
           - banner_etc_issue
           - login_banner_text=cis_banners
+          - login_banner_contents=cis_default
 
     - id: 1.8.1.3
       title: Ensure remote login warning banner is configured properly (Automated)
@@ -477,6 +479,7 @@
       rules:
           - banner_etc_issue_net
           - remote_login_banner_text=cis_banners
+          - remote_login_banner_contents=cis_default
 
     - id: 1.8.1.4
       title: Ensure permissions on /etc/motd are configured (Automated)
@@ -535,7 +538,8 @@
           - dconf_gnome_disable_user_list
           - dconf_gnome_banner_enabled
           - dconf_gnome_login_banner_text
-          - login_banner_text=cis_default
+          - dconf_login_banner_text=cis_default
+          - dconf_login_banner_contents=cis_default
 
     - id: 2.1.1
       title: Ensure xinetd is not installed (Automated)
@@ -1348,7 +1352,7 @@
       levels:
           - l1_server
           - l1_workstation
       automated: yes
       rules:
           - rsyslog_logging_configured
 

controls/cis_sle15.yml

@@ -455,6 +455,7 @@
       rules:
           - banner_etc_motd
           - motd_banner_text=cis_banners
+          - motd_banner_contents=cis_default
 
     - id: 1.8.1.2
       title: Ensure local login warning banner is configured properly (Automated)
@@ -465,6 +466,7 @@
       rules:
           - banner_etc_issue
           - login_banner_text=cis_banners
+          - login_banner_contents=cis_default
 
     - id: 1.8.1.3
       title: Ensure remote login warning banner is configured properly (Automated)
@@ -475,6 +477,7 @@
       rules:
           - banner_etc_issue_net
           - remote_login_banner_text=cis_banners
+          - remote_login_banner_contents=cis_default
 
     - id: 1.8.1.4
       title: Ensure permissions on /etc/motd are configured (Automated)
@@ -532,7 +535,8 @@
           - enable_dconf_user_profile
           - dconf_gnome_banner_enabled
           - dconf_gnome_login_banner_text
-          - login_banner_text=cis_default
+          - dconf_login_banner_text=cis_default
+          - dconf_login_banner_contents=cis_default
 
     - id: 2.1.1
       title: Ensure xinetd is not installed (Automated)
@@ -1530,7 +1534,7 @@
       levels:
           - l1_server
           - l1_workstation
       automated: yes
       rules:
           - rsyslog_logging_configured
 

controls/cis_ubuntu2204.yml

@@ -528,7 +528,8 @@ controls:
           - l1_server
           - l1_workstation
       rules:
-          - login_banner_text=cis_default
+          - dconf_login_banner_text=cis_default
+          - dconf_login_banner_contents=cis_default
           - dconf_gnome_banner_enabled
           - dconf_gnome_login_banner_text
       status: automated

controls/cis_ubuntu2404.yml

@@ -561,7 +561,8 @@ controls:
           - l1_server
           - l1_workstation
       rules:
-          - login_banner_text=cis_default
+          - dconf_login_banner_text=cis_default
+          - dconf_login_banner_contents=cis_default
           - dconf_gnome_banner_enabled
           - dconf_gnome_login_banner_text
       status: automated

controls/general_sle15.yml

@@ -470,6 +470,7 @@ controls:
       rules:
           - banner_etc_motd
           - motd_banner_text=cis_banners
+          - motd_banner_contents=cis_default
 
     - id: SLES-15-151050030
       title: Modify the System Login Banner
@@ -479,6 +480,7 @@ controls:
       rules:
           - banner_etc_issue
           - login_banner_text=cis_banners
+          - login_banner_contents=cis_default
 
     - id: SLES-15-151050045
       title: Modify the System Login Banner for Remote Connections
@@ -488,6 +490,7 @@ controls:
       rules:
           - banner_etc_issue_net
           - remote_login_banner_text=cis_banners
+          - remote_login_banner_contents=cis_default
 
     - id: SLES-15-151050060
       title: Configure access to the Message of the Day Banner
@@ -535,7 +538,8 @@ controls:
       rules:
           - dconf_gnome_banner_enabled
           - dconf_gnome_login_banner_text
-          - login_banner_text=cis_default
+          - dconf_login_banner_text=cis_default
+          - dconf_login_banner_contents=cis_default
 
     - id: SLES-15-151200135
       title: Disable the GDM Login User List

controls/general_slmicro5.yml

@@ -269,6 +269,7 @@ controls:
       rules:
           - banner_etc_motd
           - motd_banner_text=cis_banners
+          - motd_banner_contents=cis_default
 
     - id: SLEM-5-SET-08010200
       title: Modify the System Login Banner
@@ -278,6 +279,7 @@ controls:
       rules:
           - banner_etc_issue
           - login_banner_text=cis_banners
+          - login_banner_contents=cis_default
 
     - id: SLEM-5-SET-08010300
       title: Modify the System Login Banner for Remote Connections
@@ -287,6 +289,7 @@ controls:
       rules:
           - banner_etc_issue_net
           - remote_login_banner_text=cis_banners
+          - remote_login_banner_contents=cis_default
 
     - id: SLEM-5-SET-08010400
       title: Verify Ownership and Permissions of/on Message of the Day Banner
@@ -1021,6 +1024,7 @@ controls:
       rules:
           - banner_etc_issue
           - login_banner_text=dod_banners
+          - login_banner_contents=dod_default
           - sshd_enable_warning_banner
       status: automated
 

controls/nist_rhcos4.yml

@@ -1228,6 +1228,7 @@ controls:
       rules:
           - banner_etc_issue
           - login_banner_text=dod_banners
+          - login_banner_contents=dod_default
       description: "The information system:\n a. Displays to users [Assignment: organization-defined\
           \ system use notification message or banner] before granting access to the system that provides\
           \ privacy and security notices consistent with applicable federal laws, Executive Orders, directives,\

controls/srg_gpos.yml

@@ -26,5 +26,6 @@ controls:
           - var_accounts_authorized_local_users_regex=rhel9
           - var_account_disable_post_pw_expiration=35
           - login_banner_text=dod_banners
+          - login_banner_contents=dod_default
           - var_authselect_profile=sssd
           - var_auditd_name_format=stig

controls/std_kylinserver10.yml

@@ -119,6 +119,7 @@ controls:
       rules:
           - banner_etc_issue
           - login_banner_text=cis_banners
+          - login_banner_contents=cis_default
 
     - id: 1.14
       title: ensure-message-of-the-day-is-configured-properly
@@ -127,7 +128,8 @@ controls:
       status: automated
       rules:
           - banner_etc_motd
-          - login_banner_text=cis_banners
+          - motd_banner_text=cis_banners
+          - motd_banner_contents=cis_default
 
     - id: 1.15
       title: Ensure sshd PermitRootLogin is disabled (Automated)

controls/std_tencentos4.yml

@@ -114,6 +114,7 @@ controls:
       rules:
           - banner_etc_motd
           - motd_banner_text=cis_banners
+          - motd_banner_contents=cis_default
 
     - id: 1.4.2
       title: Ensure local login warning banner is configured properly
@@ -123,6 +124,7 @@ controls:
       rules:
           - banner_etc_issue
           - login_banner_text=cis_banners
+          - login_banner_contents=cis_default
 
     - id: 1.4.3
       title: Ensure remote login warning banner is configured properly
@@ -132,6 +134,7 @@ controls:
       rules:
           - banner_etc_issue_net
           - remote_login_banner_text=cis_banners
+          - remote_login_banner_contents=cis_default
 
     - id: 1.4.4
       title: Ensure permissions on /etc/motd are configured

controls/stig_ol9.yml

@@ -53,6 +53,7 @@ controls:
       rules:
           - banner_etc_issue
           - login_banner_text=dod_default
+          - login_banner_contents=dod_default
       status: automated
 
     - id: OL09-00-000020
@@ -1972,7 +1973,8 @@ controls:
           or remote access to the system via a graphical user logon.
       rules:
           - dconf_gnome_login_banner_text
-          - login_banner_text=dod_default
+          - dconf_login_banner_text=dod_default
+          - dconf_login_banner_contents=dod_default
 
     - id: OL09-00-002122
       levels:

controls/stig_slmicro5.yml

@@ -36,6 +36,7 @@ controls:
       rules:
           - banner_etc_issue
           - login_banner_text=dod_banners
+          - login_banner_contents=dod_default
       status: automated
 
     - id: SLEM-05-211025

controls/stig_ubuntu2204.yml

@@ -551,6 +551,7 @@ controls:
           - medium
       rules:
           - remote_login_banner_text=dod_banners
+          - remote_login_banner_contents=dod_default
           - sshd_enable_warning_banner_net
           - banner_etc_issue_net
       status: automated
@@ -653,7 +654,8 @@ controls:
       levels:
           - medium
       rules:
-          - login_banner_text=dod_banners
+          - dconf_login_banner_text=dod_banners
+          - dconf_login_banner_contents=dod_default
           - dconf_gnome_login_banner_text
       status: automated
 

controls/stig_ubuntu2404.yml

@@ -441,6 +441,7 @@ controls:
           - medium
       rules:
           - remote_login_banner_text=dod_banners
+          - remote_login_banner_contents=dod_default
           - sshd_enable_warning_banner_net
           - banner_etc_issue_net
       status: automated
@@ -461,7 +462,8 @@ controls:
       levels:
           - medium
       rules:
-          - login_banner_text=dod_banners
+          - dconf_login_banner_text=dod_banners
+          - dconf_login_banner_contents=dod_default
           - dconf_gnome_login_banner_text
       status: automated
 

linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml

@@ -1,15 +1,15 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_almalinux
+# platform = multi_platform_all
 # reboot = false
 # strategy = unknown
 # complexity = low
 # disruption = medium
-{{{ ansible_instantiate_variables("login_banner_text") }}}
+{{{ ansible_instantiate_variables("login_banner_contents") }}}
 
 {{%- if product not in ['sle15', 'slmicro5', 'slmicro6'] -%}}
 - name: "{{{ rule_title }}} - Ensure Correct Banner"
   ansible.builtin.copy:
     dest: /etc/issue
-    content: '{{{ ansible_deregexify_banner_etc_issue("login_banner_text") }}}'
+    content: "{{ login_banner_contents | replace('\\n', '\n') }}\n"
 {{%- else -%}}
 - name: {{{ rule_title }}} Ensure issue-generator is Installed
   ansible.builtin.package:
@@ -19,7 +19,7 @@
 - name: "{{{ rule_title }}} - Ensure Correct Banner"
   ansible.builtin.copy:
     dest: /etc/issue.d/99-oscap-setting
-    content: '{{{ ansible_deregexify_banner_etc_issue("login_banner_text") }}}'
+    content: "{{ login_banner_contents | replace('\\n', '\n') }}\n"
 
 - name: "{{{ rule_title }}} - Restart issue-generator Service on Issue Configuration Change"
   ansible.builtin.systemd: