1659537 – banner-message-text in /etc/dconf/db/gdm.d/00-security-settings contains actual newlines instead of \n

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1659537 - banner-message-text in /etc/dconf/db/gdm.d/00-security-settings contains actual newlines instead of \n

Summary: banner-message-text in /etc/dconf/db/gdm.d/00-security-settings contains actu...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	7.6
Hardware:	All
OS:	Linux
Priority:	high
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Matěj Týč
QA Contact:	Matus Marhefka
Docs Contact:	RaTasha Tillery-Smith
URL:
Whiteboard:
Duplicates (2):	1661963 1691541 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-12-14 16:01 UTC by Joe Wright
Modified:	2023-09-07 19:35 UTC (History)
CC List:	9 users (show)
Fixed In Version:	scap-security-guide-0.1.46-1.el7
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-03-31 19:38:15 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	3756961	0	None	None	None	2018-12-14 16:22:25 UTC
Red Hat Product Errata	RHBA-2020:1019	0	None	None	None	2020-03-31 19:38:35 UTC

Description Joe Wright 2018-12-14 16:01:00 UTC

Description of problem:
Another problem caused by the DISA STIG security profile:

  The banner-message-text in /etc/dconf/db/gdm.d/00-security-settings contains actual newlines instead of \n

Version-Release number of selected component (if applicable):
- RHEL 7.6 GA

How reproducible:
100%

Steps to Reproduce:
1. Install 7.6 with DISA STIG security profile
2. Install X to work around BZ 1648162 and reboot
3. Attempt to update

Actual results:
  This produces an error when dconf update is run by yum update:
      /etc/dconf/db/gdm.d: warning: Failed to read keyfile '/etc/dconf/db/gdm.d/00-security-settings': ...


Expected results:
- Banner is set properly initially

Additional info:

Workaround:

  cat > /etc/dconf/db/gdm.d/00-security-settings <<'EOF'
[org/gnome/login-screen]
banner-message-text=string 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n- The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n- At any time, the USG may inspect and seize data stored on this IS.\n\n- Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n- This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n- Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'
banner-message-enable=true
enable-smartcard-authentication=true
EOF
  dconf update

Comment 5 Marek Haicman 2019-01-07 20:20:41 UTC

*** Bug 1661963 has been marked as a duplicate of this bug. ***

Comment 8 Chris Williams 2019-05-22 18:51:28 UTC

*** Bug 1691541 has been marked as a duplicate of this bug. ***

Comment 12 Gabriel Gaspar Becker 2019-06-28 14:41:59 UTC

Fixed upstream: https://github.com/ComplianceAsCode/content/pull/3679

Comment 15 Matus Marhefka 2019-09-19 08:15:34 UTC

Verified for scap-security-guide-0.1.46-1.el7 using SSG Test Suite:

$ ./test_suite.py rule --libvirt qemu:///session rhel7 --mode online --remediate-using oscap --datastream ./ssg-rhel7-ds.xml dconf_gnome_login_banner_text
...
INFO - xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text
INFO - Script correct_value.pass.sh using profile xccdf_org.ssgproject.content_profile_ncp OK
INFO - Script correct_value_stig.pass.sh using profile xccdf_org.ssgproject.content_profile_stig OK
INFO - Script missing_value_stig.fail.sh using profile xccdf_org.ssgproject.content_profile_stig OK
INFO - Script wrong_value_stig.fail.sh using profile xccdf_org.ssgproject.content_profile_stig OK
INFO - Script wrong_value.fail.sh using profile xccdf_org.ssgproject.content_profile_ncp OK

Comment 17 errata-xmlrpc 2020-03-31 19:38:15 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1019

Note You need to log in before you can comment on or make changes to this bug.