Update dconf controls in Ubuntu 24.04 STIG #14566

Merged
dodys merged 1 commit into ComplianceAsCode:master from mpurg:ubuntu_dconf
Mar 13, 2026


@mpurg mpurg commented Mar 12, 2026

Description:

Updated and added new controls as part of STIG V1R4 update:

  • UBTU-24-200040
  • UBTU-24-200041
  • UBTU-24-200042
  • UBTU-24-200043

@mpurg mpurg requested a review from dodys March 12, 2026 13:53
@mpurg mpurg added the Ubuntu and STIG labels Mar 12, 2026
@mpurg mpurg added this to the 0.1.81 milestone Mar 12, 2026
@mpurg mpurg changed the title from "Add dconf controls to Ubuntu 24.04 STIG" to "Update dconf controls in Ubuntu 24.04 STIG" Mar 12, 2026

dodys commented Mar 12, 2026

@mpurg the tests are failing it seems.

@dodys dodys self-assigned this Mar 12, 2026
Add and update controls as part of STIG V1R4 update:
- UBTU-24-200040
- UBTU-24-200041
- UBTU-24-200042
- UBTU-24-200043
@github-actions

This datastream diff is auto generated by the check Compare DS/Generate Diff

New content has different text for rule 'xccdf_org.ssgproject.content_rule_harden_ssh_client_crypto_policy'.
--- xccdf_org.ssgproject.content_rule_harden_ssh_client_crypto_policy
+++ xccdf_org.ssgproject.content_rule_harden_ssh_client_crypto_policy
@@ -4,7 +4,7 @@
 
 [description]:
 Crypto Policies are means of enforcing certain cryptographic settings for selected applications including OpenSSH client.
-To override the system wide crypto policy for Openssh client, place a file in the /etc/ssh/ssh_config.d directory so that it is loaded before the 05-redhat.conf. In this case it is the /etc/ssh/ssh_config.d/02-ospp.conf file containing parameters which need to be changed with respect to the crypto policy.
+To override the system wide crypto policy for Openssh client, place a file in the /etc/ssh/ssh_config.d/ so that it is loaded before the 05-redhat.conf. In this case it is file named 02-ospp.conf containing parameters which need to be changed with respect to the crypto policy.
 This rule checks if the file exists and if it contains required parameters and values which modify the Crypto Policy.
 During the parsing process, as soon as Openssh client parses some configuration option and its value, it remembers it and ignores any subsequent overrides. The customization mechanism provided by crypto policies appends eventual customizations at the end of the system wide crypto policy. Therefore, if the crypto policy customization overrides some parameter which is already configured in the system wide crypto policy, the SSH client will not honor that customized parameter.
 
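Review bot: the rewritten sentence on the added line drops words the old one had: "place a file in the /etc/ssh/ssh_config.d/ so that" needs "directory" after the path, and "it is file named 02-ospp.conf" needs an article ("it is a file named"). The removed line also gave the full path /etc/ssh/ssh_config.d/02-ospp.conf in one piece, which is what the rule checks for; consider keeping it. The following context lines explain that the client keeps the first value it parses, so the load-order reason for the 02 prefix is the part readers depend on and the sentence should stay unambiguous. This rule is also not one of the four UBTU-24-2000xx dconf controls listed in the description, so it is worth confirming the text change is intended in this PR.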

bash remediation for rule 'xccdf_org.ssgproject.content_rule_harden_ssh_client_crypto_policy' differs.
--- xccdf_org.ssgproject.content_rule_harden_ssh_client_crypto_policy
+++ xccdf_org.ssgproject.content_rule_harden_ssh_client_crypto_policy
@@ -1,6 +1,5 @@
 
 #the file starts with 02 so that it is loaded before the 05-redhat.conf which activates configuration provided by system vide crypto policy
-
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
 RekeyLimit 512M 1h\n\
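Review bot: the comment on the unchanged line above `file=` reads "system vide crypto policy"; it should be "system wide", and a space after `#` would match the usual shell comment style. The only change in this hunk is the removed blank line, so the remediation differs in whitespace only. Separately, `echo -e` with `\n\` continuations depends on the shell's echo implementation; `printf` or a here-document would write the same file more predictably.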

bash remediation for rule 'xccdf_org.ssgproject.content_rule_ssh_client_rekey_limit' differs.
--- xccdf_org.ssgproject.content_rule_ssh_client_rekey_limit
+++ xccdf_org.ssgproject.content_rule_ssh_client_rekey_limit
@@ -1,6 +1,8 @@
 
 var_ssh_client_rekey_limit_size=''
 var_ssh_client_rekey_limit_time=''
+
+
 main_config="/etc/ssh/ssh_config"
 include_directory="/etc/ssh/ssh_config.d"
 
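Review bot: the two blank lines added after `var_ssh_client_rekey_limit_time=''` are a whitespace-only change to the generated remediation. If they come from a template expansion, trim the whitespace there so that unrelated rules do not show up in the datastream diff for a dconf change.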

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_ssh_client_rekey_limit' differs.
--- xccdf_org.ssgproject.content_rule_ssh_client_rekey_limit
+++ xccdf_org.ssgproject.content_rule_ssh_client_rekey_limit
@@ -26,7 +26,7 @@
 
 - name: Collect all include config files for ssh client which configure RekeyLimit
   ansible.builtin.find:
-    paths: /etc/ssh/ssh_config.d
+    paths: /etc/ssh/ssh_config.d/
     contains: ^[\s]*RekeyLimit.*$
     patterns: '*.config'
   register: ssh_config_include_files
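Review bot: the unchanged `patterns: '*.config'` line just below the edited `paths:` looks wrong for this directory: the drop-in files named elsewhere in this diff are 02-ospp.conf and 05-redhat.conf, so a `*.config` glob would not match them and the task would find no files that set RekeyLimit. Suggest `patterns: '*.conf'`. The trailing slash added to `paths:` should also be applied consistently; the bash remediation for the same rule still uses `include_directory="/etc/ssh/ssh_config.d"` without it.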


@dodys dodys left a comment

lgtm, thanks!

@dodys dodys merged commit 0f84e84 into ComplianceAsCode:master Mar 13, 2026
60 of 64 checks passed