Description of problem:
When applying the bash remediation for `dconf_gnome_login_banner_text` using dod_banners (selected by the STIG profile), the `sed` command listed below does not properly escape newlines, causing the remediation to create newlines instead of the actual `\n` character. This only occurs when the configuration file (/etc/dconf/db/gdm.d/00-security-settings) already exists and contains `[org/gnome/login-screen]` (this can be caused by the `dconf_gnome_banner_enabled` rule), which is the condition to execute these `sed` commands.
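content/shared/bash_remediation_functions/include_dconf_settings.sh, line 39 in b6eedfd:

```bash
sed -i "s/${_key}\s*=\s*.*/${_key}=${_value}/g" "${SETTINGSFILES[@]}"
```

content/shared/bash_remediation_functions/include_dconf_settings.sh, line 41 in b6eedfd:

```bash
sed -i "\|\[${_path}]|a\\${_key}=${_value}" "${SETTINGSFILES[@]}"
```
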
Basically, this piece of code has multiple problems and needs to be revisited:

```bash
if grep -q "^(?!#)${_key}" ${SETTINGSFILES[@]} # here it is not matching properly the key
then
    sed -i "s/${_key}\s*=\s*.*/${_key}=${_value}/g" ${SETTINGSFILES[@]}
else
    sed -i "\|\[${_path}]|a\\${_key}=${_value}" ${SETTINGSFILES[@]}
fi
```

SCAP Security Guide Version:
scap-security-guide-0.1.40-12.el7.noarch
Operating System Version:
RHEL7.6
Steps to Reproduce:
- `echo "[org/gnome/login-screen]" > /etc/dconf/db/gdm.d/00-security-settings`
- `oscap xccdf eval --profile stig-rhel7-disa --rule xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text --remediate /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml`
- `cat /etc/dconf/db/gdm.d/00-security-settings`
Actual Results:
1 - Text contains newlines
2 - Duplicate content when running twice
Expected Results:
1 - Text contains \n\n
2 - No text is duplicated when running multiple times
Additional Information/Debugging Steps:
#3679 (not merged yet) already addresses some known issues related to this rule; consider including the fix in the PR scope.
Following issues hit the same problem:
https://bugzilla.redhat.com/show_bug.cgi?id=1659537
OpenSCAP/scap-workbench#224
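
Added example (not part of the original report or the project's fix): one way to make the key update literal and idempotent, by escaping `\`, `&` and the `|` delimiter in the value before it reaches `sed` and by testing for the key with a plain POSIX pattern. The function names and the sample banner text are constructed, and GNU sed (`sed -i`) is assumed, as on RHEL 7.

```bash
# Added example; function names and the sample banner are constructed.
# Note: the original `grep -q "^(?!#)${_key}"` uses Perl lookahead syntax, which
# grep treats as literal text without -P, so it never matches a real key line
# and the append branch runs on every pass.

# Escape '\', '&' and the '|' delimiter so sed emits the value literally.
sed_escape() {
    printf '%s' "$1" | sed 's/[\\&|]/\\&/g'
}

# Idempotently set key=value under [path] in a dconf keyfile.
dconf_set() {
    local path="$1" key="$2" value="$3" file="$4" esc
    esc=$(sed_escape "$value")
    # Make sure the section header exists.
    grep -qxF "[${path}]" "$file" 2>/dev/null || printf '[%s]\n' "$path" >> "$file"
    if grep -q "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
        # Uncommented key present: rewrite that line in place.
        sed -i "s|^[[:space:]]*${key}[[:space:]]*=.*|${key}=${esc}|" "$file"
    else
        # Key absent: append one line after the section header.
        sed -i "\|^\[${path}]\$|a\\
${key}=${esc}" "$file"
    fi
}

demo() {
    local f v
    f=$(mktemp)
    printf '[org/gnome/login-screen]\nbanner-message-enable=true\n' > "$f"
    v="'Authorized use only.\n\nActivity is monitored & logged.'"   # constructed
    dconf_set org/gnome/login-screen banner-message-text "$v" "$f"
    dconf_set org/gnome/login-screen banner-message-text "$v" "$f"  # second run
    cat "$f"
    rm -f "$f"
}
demo
```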