|
 |
7a35c8 |
diff --git a/shared/remediations/bash/templates/remediation_functions b/shared/remediations/bash/templates/remediation_functions
|
|
|
7a35c8 |
index 1ef7e19..40d8ad3 100644
|
|
|
7a35c8 |
--- a/shared/remediations/bash/templates/remediation_functions
|
|
|
7a35c8 |
+++ b/shared/remediations/bash/templates/remediation_functions
|
|
|
7a35c8 |
@@ -774,7 +774,7 @@ function replace_or_append {
|
|
|
7a35c8 |
|
|
|
7a35c8 |
# Strip any search characters in the key arg so that the key can be replaced without
|
|
|
7a35c8 |
# adding any search characters to the config file.
|
|
|
7a35c8 |
- stripped_key=${key//[!a-zA-Z]/}
|
|
|
7a35c8 |
+ stripped_key=$(sed "s/[\^=\$,;+]*//g" <<< $key)
|
|
|
7a35c8 |
|
|
|
7a35c8 |
# If there is no print format specified in the last arg, use the default format.
|
|
|
7a35c8 |
if ! [ "x$format" = x ] ; then
|
|
|
7a35c8 |
diff --git a/shared/remediations/bash/sshd_use_approved_macs.sh b/shared/remediations/bash/sshd_use_approved_macs.sh
|
|
|
7a35c8 |
index c6e1c29..b93809a 100644
|
|
|
7a35c8 |
--- a/shared/remediations/bash/sshd_use_approved_macs.sh
|
|
|
7a35c8 |
+++ b/shared/remediations/bash/sshd_use_approved_macs.sh
|
|
|
7a35c8 |
@@ -1,6 +1,6 @@
|
|
|
7a35c8 |
# platform = multi_platform_rhel
|
|
|
7a35c8 |
-grep -qi ^MACs /etc/ssh/sshd_config && \
|
|
|
7a35c8 |
- sed -i "s/MACs.*/MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1/gI" /etc/ssh/sshd_config
|
|
|
7a35c8 |
-if ! [ $? -eq 0 ]; then
|
|
|
7a35c8 |
- echo "MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1" >> /etc/ssh/sshd_config
|
|
|
7a35c8 |
-fi
|
|
|
7a35c8 |
+
|
|
|
7a35c8 |
+# Include source function library.
|
|
|
7a35c8 |
+. /usr/share/scap-security-guide/remediation_functions
|
|
|
7a35c8 |
+
|
|
|
7a35c8 |
+replace_or_append '/etc/ssh/sshd_config' '^MACs' 'hmac-sha2-512,hmac-sha2-256,hmac-sha1' 'CCENUM' '%s %s'
|
|
|
7a35c8 |
diff --git a/shared/xccdf/remediation_functions.xml b/shared/xccdf/remediation_functions.xml
|
|
|
7a35c8 |
index dc14346..f2f2e62 100644
|
|
|
7a35c8 |
--- a/shared/xccdf/remediation_functions.xml
|
|
|
7a35c8 |
+++ b/shared/xccdf/remediation_functions.xml
|
|
|
7a35c8 |
@@ -1152,7 +1152,7 @@ function replace_or_append {
|
|
|
7a35c8 |
|
|
|
7a35c8 |
# Strip any search characters in the key arg so that the key can be replaced without
|
|
|
7a35c8 |
# adding any search characters to the config file.
|
|
|
7a35c8 |
- stripped_key=${key//[!a-zA-Z]/}
|
|
|
7a35c8 |
+ stripped_key=$(sed "s/[\^=\$,;+]*//g" <<< $key)
|
|
|
7a35c8 |
|
|
|
7a35c8 |
# If there is no print format specified in the last arg, use the default format.
|
|
|
7a35c8 |
if ! [ "x$format" = x ] ; then
|