|
 |
e33168 |
From b0eb3b7f7baa1a57dac3e373209d20bd55b3f215 Mon Sep 17 00:00:00 2001
|
|
|
e33168 |
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
|
|
|
e33168 |
Date: Tue, 26 Jun 2018 11:42:49 +0200
|
|
|
e33168 |
Subject: [PATCH 1/2] Added implicit double quoting of substituted vars.
|
|
|
e33168 |
|
|
|
e33168 |
Variables in Ansible may be wrongly interpreted if they are not quoted
|
|
|
e33168 |
(i.e. yes, 077 will be converted to bool and octal respectively).
|
|
|
e33168 |
Unlike single quotes, double quotes may be escaped.
|
|
|
e33168 |
|
|
|
e33168 |
Fixes: #2989
|
|
|
e33168 |
---
|
|
|
e33168 |
ssg/build_remediations.py | 2 +-
|
|
|
e33168 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
e33168 |
|
|
|
e33168 |
diff --git a/shared/utils/combine-remediations.py b/shared/utils/combine-remediations.py
|
|
|
e33168 |
index ca6ce96b79..ece3765d56 100644
|
|
|
e33168 |
--- a/shared/utils/combine-remediations.py
|
|
|
e33168 |
+++ b/shared/utils/combine-remediations.py
|
|
|
e33168 |
@@ -194,7 +194,7 @@ def expand_xccdf_subs(fix, remediation_type, remediation_functions):
|
|
|
e33168 |
r"- \(xccdf-var\s+(\S+)\)",
|
|
|
e33168 |
r"- name: XCCDF Value \1 # promote to variable\n"
|
|
|
e33168 |
r" set_fact:\n"
|
|
|
e33168 |
- r" \1: (ansible-populate \1)\n"
|
|
|
e33168 |
+ r' \1: "(ansible-populate \1)"\n'
|
|
|
e33168 |
r" tags:\n"
|
|
|
e33168 |
r" - always",
|
|
|
e33168 |
fix_text
|
|
|
e33168 |
|
|
|
e33168 |
From a1693c2015a5513a871366f48ce1c3d83ecd9bde Mon Sep 17 00:00:00 2001
|
|
|
e33168 |
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
|
|
|
e33168 |
Date: Tue, 26 Jun 2018 14:04:55 +0200
|
|
|
e33168 |
Subject: [PATCH 2/2] Made the UMASK check in login.defs case-insensitive.
|
|
|
e33168 |
|
|
|
e33168 |
The guide says it should be UMASK, not umask, and man login.defs says the same.
|
|
|
e33168 |
---
|
|
|
e33168 |
shared/checks/oval/accounts_umask_etc_login_defs.xml | 2 +-
|
|
|
e33168 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
e33168 |
|
|
|
e33168 |
diff --git a/shared/checks/oval/accounts_umask_etc_login_defs.xml b/shared/checks/oval/accounts_umask_etc_login_defs.xml
|
|
|
e33168 |
index 22b67cf0dd..513632b56a 100644
|
|
|
e33168 |
--- a/shared/checks/oval/accounts_umask_etc_login_defs.xml
|
|
|
e33168 |
+++ b/shared/checks/oval/accounts_umask_etc_login_defs.xml
|
|
|
e33168 |
@@ -18,7 +18,7 @@
|
|
|
e33168 |
|
|
|
e33168 |
comment="Umask value from /etc/login.defs" version="1">
|
|
|
e33168 |
<ind:filepath>/etc/login.defs</ind:filepath>
|
|
|
e33168 |
- <ind:pattern operation="pattern match">^[\s]*(?i)UMASK(?-i)[\s]+([^#\s]*)</ind:pattern>
|
|
|
e33168 |
+ <ind:pattern operation="pattern match">^[\s]*UMASK[\s]+([^#\s]*)</ind:pattern>
|
|
|
e33168 |
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
|
e33168 |
</ind:textfilecontent54_object>
|
|
|
e33168 |
|