From 25535a287e309f810316c504f064c1f1f3e55dd8 Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Thu, 22 Mar 2018 16:35:57 +0800
Subject: [PATCH] ftp_present_banner: update pattern in oval file and add
 remediation

No space is allowed between the option, = and value in vsftpd.conf, so
update pattern to obey the rule.

Add bash remediation of ftp_present_banner too.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
 shared/checks/oval/ftp_present_banner.xml | 2 +-
 shared/fixes/bash/ftp_present_banner.sh   | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 shared/fixes/bash/ftp_present_banner.sh

diff --git a/shared/checks/oval/ftp_present_banner.xml b/shared/checks/oval/ftp_present_banner.xml
index 987ab67a6d94..48dbe35aa664 100644
--- a/shared/checks/oval/ftp_present_banner.xml
+++ b/shared/checks/oval/ftp_present_banner.xml
@@ -21,7 +21,7 @@
   </ind:textfilecontent54_test>
   <ind:textfilecontent54_object comment="Banner for FTP Users" id="object_test_ftp_present_banner" version="1">
     <ind:filepath>/etc/vsftpd/vsftpd.conf</ind:filepath>
-    <ind:pattern operation="pattern match">^[\s]*banner_file[\s]*=[\s]*/etc/issue*$</ind:pattern>
+    <ind:pattern operation="pattern match">^[\s]*banner_file=/etc/issue[\s]*$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
 </def-group>
diff --git a/shared/fixes/bash/ftp_present_banner.sh b/shared/fixes/bash/ftp_present_banner.sh
new file mode 100644
index 000000000000..a3b97d18c4c3
--- /dev/null
+++ b/shared/fixes/bash/ftp_present_banner.sh
@@ -0,0 +1,5 @@
+# platform = multi_platform_wrlinux
+
+. /usr/share/scap-security-guide/remediation_functions
+
+replace_or_append '/etc/vsftpd.conf' '^banner_file' '/etc/issue' '@CCENUM@' '%s=%s'