Hide Forgot
Description of problem: Multiple issues: - when /etc/sudoers file contains already a line with "Defaults logfile=" but not the default logfile=/var/log/sudo.log, the test fails => then when the remediation is applied and a new line with default value is added: ~~~ Defaults logfile=/var/log/sudofile.log Defaults logfile=/var/log/sudo.log ~~~ => and then the test still fails, because only one entry is expected - The test to check the validity of the line is broken, because "Defaults_fake logfile=/var/log/sudo.log" will pass Version-Release number of selected component (if applicable): scap-security-guide-0.1.57-5.el8.noarch How reproducible: always Steps to Reproduce: 1. scap xccdf eval --verbose DEVEL --verbose-log-file oval.log --rule xccdf_org.ssgproject.content_rule_sudo_custom_logfile --profile xccdf_org.ssgproject.content_profile_cis --results scan_resultsAfterRemediation.xml --report scan_reportAfterRemediation.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml 2. ansible-playbook -b -k -K --become-user root --become-method 'sudo' -i localhost, PlaybookToRemediatesudo.yml |& tee PlaybookToRemediate.output 3. Actual results: - Fault positive test - Wrond remediation which leads to fail test Expected results: - Good remediation - Failed test if Defaults_fake is used Additional info: Thank you !
A pull request has been opened in upstream: https://github.com/ComplianceAsCode/content/pull/9299
https://github.com/ComplianceAsCode/content/pull/9299 has been merge to upstream
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7563