Description of problem:
- When the /etc/sudoers file already contains a line with "Defaults logfile=" but not the default logfile=/var/log/sudo.log, the test fails
=> then when the remediation is applied and a new line with the default value is added:
=> and then the test still fails, because only one entry is expected
- The test to check the validity of the line is broken, because "Defaults_fake logfile=/var/log/sudo.log" will pass
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. oscap xccdf eval --verbose DEVEL --verbose-log-file oval.log --rule xccdf_org.ssgproject.content_rule_sudo_custom_logfile --profile xccdf_org.ssgproject.content_profile_cis --results scan_resultsAfterRemediation.xml --report scan_reportAfterRemediation.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
2. ansible-playbook -b -k -K --become-user root --become-method 'sudo' -i localhost, PlaybookToRemediatesudo.yml |& tee PlaybookToRemediate.output
- False positive test
- Wrong remediation which leads to a failed test
- Good remediation
- Failed test if Defaults_fake is used
Thank you !
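The two failures described in the report above, reproduced as an added example (not code from the reporter or from the scap-security-guide project). The regular expressions, function names and sudoers fragments are constructed for illustration, and the sketch assumes the logfile setting sits alone on its own global Defaults line.

```python
import re

EXPECTED = "/var/log/sudo.log"  # the default value named in the report
WANTED = f"Defaults logfile={EXPECTED}"

# Constructed loose pattern: nothing forces whitespace after "Defaults",
# so "Defaults_fake logfile=..." satisfies it.
LOOSE = re.compile(r"^[ \t]*Defaults.*logfile=/var/log/sudo\.log[ \t]*$", re.M)

# Strict pattern: keyword, whitespace, then the logfile setting alone on the line.
STRICT = re.compile(r'^[ \t]*Defaults[ \t]+logfile[ \t]*=[ \t]*"?([^"\s]+)"?[ \t]*$')

def logfile_values(text):
    """Every logfile value set by a well-formed global Defaults line."""
    return [m.group(1) for m in map(STRICT.match, text.splitlines()) if m]

def loose_check(text):
    return bool(LOOSE.search(text))

def strict_check(text):
    # Pass only if exactly one entry exists and it carries the expected value.
    return logfile_values(text) == [EXPECTED]

def naive_remediate(text):
    """Blind append of a new line, the remediation behaviour the report describes."""
    return text + WANTED + "\n"

def remediate(text):
    """Rewrite the first logfile entry, drop later ones, append only if none exists."""
    out, done = [], False
    for line in text.splitlines():
        if STRICT.match(line):
            if not done:
                out.append(WANTED)
                done = True
            continue  # later duplicates are dropped
        out.append(line)
    if not done:
        out.append(WANTED)
    return "\n".join(out) + "\n"

# Constructed sudoers fragments
CUSTOM = "Defaults env_reset\nDefaults logfile=/var/log/custom.log\n"
FAKE = "Defaults_fake logfile=/var/log/sudo.log\n"

if __name__ == "__main__":
    print("naive append passes :", strict_check(naive_remediate(CUSTOM)))
    print("in-place fix passes :", strict_check(remediate(CUSTOM)))
    print("loose accepts fake  :", loose_check(FAKE))
    print("strict accepts fake :", strict_check(FAKE))
```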
A pull request has been opened in upstream: https://github.com/ComplianceAsCode/content/pull/9299
https://github.com/ComplianceAsCode/content/pull/9299 has been merged upstream
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.