Hide Forgot
Description of problem: The rule ' <Rule id="xccdf_org.ssgproject.content_rule_display_login_attempts" selected="false" severity="low">' contains a faulty remediation script: """ <fix id="display_login_attempts" system="urn:xccdf:fix:script:sh"> sed -i --follow-symlinks "/pam_lastlog.so/d" /etc/pam.d/postlogin fi echo "session [default=1] pam_lastlog.so nowtmp showfailed" >> /etc/pam.d/postlogin echo "session optional pam_lastlog.so silent noupdate showfailed" >> /etc/pam.d/postlogin </fix> """ It should read like this instead: <fix id="display_login_attempts" system="urn:xccdf:fix:script:sh"> if ! `grep -q ^[^#].*pam_succeed_if.*showfailed /etc/pam.d/postlogin` ; then if ! grep `^session.*pam_succeed_if.so /etc/pam.d/postlogin` ; then echo "session [default=1] pam_lastlog.so nowtmp showfailed" >> /etc/pam.d/postlogin echo "session optional pam_lastlog.so silent noupdate showfailed" >> /etc/pam.d/postlogin else sed -i '/^session.*pam_succeed_if.so/a session\t optional\t pam_lastlog.so silent noupdate showfailed' /etc/pam.d/postlogin sed -i '/^session.*pam_succeed_if.so/a session\t [default=1]\t pam_lastlog.so nowtmp showfailed' /etc/pam.d/postlogin fi </fix> Version-Release number of selected component (if applicable): scap-security-guide-0.1.40-12.el7.noarch How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Hello, The the mentioned fix script was updated to be simpler in https://github.com/ComplianceAsCode/content/pull/2745. The issue though, is that the new fix script was being corrupted by an infrastructure bug, fixed in commit: https://github.com/ComplianceAsCode/content/pull/3217/commits/98930e7ae9a4c45089918016bbc9340f6cd6683b
Granting devel ack because it's fixed by rebase to 0.1.43.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2198