diff --git a/shared/remediations/bash/templates/remediation_functions b/shared/remediations/bash/templates/remediation_functions
index 1ef7e19..40d8ad3 100644
--- a/shared/remediations/bash/templates/remediation_functions
+++ b/shared/remediations/bash/templates/remediation_functions
@@ -774,7 +774,7 @@ function replace_or_append {
 # Strip any search characters in the key arg so that the key can be replaced without
 # adding any search characters to the config file.
- stripped_key=${key//[!a-zA-Z]/}
+ stripped_key=$(sed "s/[\^=\$,;+]*//g" <<< $key)
 # If there is no print format specified in the last arg, use the default format.
 if ! [ "x$format" = x ] ; then
diff --git a/shared/remediations/bash/sshd_use_approved_macs.sh b/shared/remediations/bash/sshd_use_approved_macs.sh
index c6e1c29..b93809a 100644
--- a/shared/remediations/bash/sshd_use_approved_macs.sh
+++ b/shared/remediations/bash/sshd_use_approved_macs.sh
@@ -1,6 +1,6 @@
 # platform = multi_platform_rhel
-grep -qi ^MACs /etc/ssh/sshd_config && \
- sed -i "s/MACs.*/MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1/gI" /etc/ssh/sshd_config
-if ! [ $? -eq 0 ]; then
- echo "MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1" >> /etc/ssh/sshd_config
-fi
+
+# Include source function library.
+. /usr/share/scap-security-guide/remediation_functions
+
+replace_or_append '/etc/ssh/sshd_config' '^MACs' 'hmac-sha2-512,hmac-sha2-256,hmac-sha1' 'CCENUM' '%s %s'
diff --git a/shared/xccdf/remediation_functions.xml b/shared/xccdf/remediation_functions.xml
index dc14346..f2f2e62 100644
--- a/shared/xccdf/remediation_functions.xml
+++ b/shared/xccdf/remediation_functions.xml
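Review bot: In the `replace_or_append` hunk of `shared/remediations/bash/templates/remediation_functions`, the new `stripped_key` line expands `$key` unquoted in the here-string and removes only a fixed list of characters. Older bash releases word-split an unquoted here-string operand, and the bracket expression leaves other pattern characters such as `.`, `*`, `[` or `(` in the key, so a caller that passes one of those in its search pattern would get it written into the config file (how `stripped_key` is used afterwards lies outside the hunk). I would quote both sides, `stripped_key=$(sed 's/[\^=\$,;+]*//g' <<< "$key")`, and extend the comment above it to state which pattern characters callers are allowed to pass. The identical line in the `shared/xccdf/remediation_functions.xml` hunk needs the same edit; the function body continues outside both hunks.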
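Review bot: In `shared/remediations/bash/sshd_use_approved_macs.sh`, the `'^MACs'` pattern handed to `replace_or_append` no longer carries the explicit case-insensitive match that the removed `grep -qi` / `sed ... /gI` pair had. sshd_config keywords are case-insensitive and sshd keeps the first value it reads for a keyword, so if the helper matches case-sensitively (its matching code is not visible in this diff) an existing `macs ...` line would stay in effect and the appended line would be ignored. I would record that dependency above the call, e.g. `# replace_or_append must match the key case-insensitively; sshd honours the first MACs line it reads`, and confirm the helper's behaviour before merging.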
@@ -1152,7 +1152,7 @@ function replace_or_append {
 # Strip any search characters in the key arg so that the key can be replaced without
 # adding any search characters to the config file.
- stripped_key=${key//[!a-zA-Z]/}
+ stripped_key=$(sed "s/[\^=\$,;+]*//g" <<< $key)
 # If there is no print format specified in the last arg, use the default format.
 if ! [ "x$format" = x ] ; then