Regexp does not correctly detect PermitUserEnvironment for MEDIUM | RHEL-08-010830 | PATCH | #314
Labels
bug
Something isn't working
Comments
|
Please close this issue, something else is occurring in the environment that I have not yet fully researched. |
|
This is not a bug. |
Can you elaborate? I'm opening an issue on this same task as the current REGEX doesn't correctly adjust when the line in the |
|
So when you execute that code block by itself it works as intended but when used with the entire playbook and role for whatever reason it does not appear to execute. I will review later today and post something proper.
…On Wed, Dec 11, 2024 at 10:24 PM Daniel Linder ***@***.***> wrote:
This is not a bug.
Can you elaborate? I'm opening an issue on this same task as the current
REGEX doesn't correctly adjust when the line in the sshd_config is simply:
#PermitUserEnvironment no`
``
In this case the `regex:` in the `lineinfile:` module matches that line (with the leading `#`), and sees that it's already `no` and assumes it is ok.
I'm not sure what corner cases the '(?i)^#?PermitUserEnvironment' regex was trying to handle, but changing the `regex:` (remove the `#?`) appears to work as intended.
See issue #316 for my notes.
—
Reply to this email directly, view it on GitHub
<#314 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AXYRN3ODVIQWT57XDSOULTD2FD6VFAVCNFSM6AAAAABRZOTUWCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKMZXG4ZDIMBUGU>
.
You are receiving this because you modified the open/close state.Message
ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the Issue
The ansible play for detecting PermitUserEnvironment in the /etc/ssh/sshd_config:
regexp: '(?i)^#?PermitUserEnvironment'
Does not appear to correctly detect the "#PermitUserEnvironment" entry.
Expected Behavior
The expected behavior for this ansible play would be to uncomment #PermitUserEnvironment no to PermitUserEnvironment no.
Actual Behavior
Because the regexp does not appear to even find #PermitUserEnvironment it does not remove the comment.
Control(s) Affected
Because this ansible play does detect #PermitUserEnvironment it does not remove the comment so therefore the stig is not applied.
Environment (please complete the following information):
Additional Notes
Anything additional goes here
Possible Solution
Possible solution would be to replace the regexp entry with, have not tested this as of yet:
regexp: '^(#)?PermitUserEnvironment\b'
The text was updated successfully, but these errors were encountered: