Fix REGEX for RHEL-08-010830. #316

Open
dglinder opened this issue Dec 12, 2024 · 0 comments
Labels
bug Something isn't working

Comments

dglinder commented Dec 12, 2024

Describe the Issue
While STIG'ing a RHEL-8 system we found that the STIG for RHEL-08-010830 was not being set properly.

Expected Behavior
The PermitUserEnvironment no line is set up/confirmed in the /etc/ssh/sshd_config file.

Actual Behavior
Given this initial /etc/ssh/sshd_conf had this line:

#PermitUserEnvironment no

Executing the task in question is this one from tasks/fix-cat2.yml, lines 2723..2727:

- name: "MEDIUM | RHEL-08-010830 | PATCH | RHEL 8 must not allow users to override SSH environment variables."
  ansible.builtin.lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '(?i)^#?PermitUserEnvironment'
      line: 'PermitUserEnvironment no'
      validate: '/usr/sbin/sshd -T -f %s'
  notify: restart sshd

Does not produce the desired PermitUserEnvironment no in the /etc/ssh/sshd_config file; the regex: matches the existing commented-out line which is treated as being already set and the task continues without a change.

I'm not sure what corner cases the '(?i)^#?PermitUserEnvironment' regex was trying to handle, but the base sshd_config file that RHEL-8 provides causes this search to match on the commented out #PermitUserEnvironment no line and determine that there is nothing to change.

When we adjust the regex: (remove the #?), the task is successful.

Suggested fix:

      regexp: '(?i)^PermitUserEnvironment'

Note: We saw that #314 was opened and closed with no resolution - reporter found other issues in their environment.

Control(s) Affected
This appears to be strictly for the RHEL-08-010830 control.

Environment (please complete the following information):

  • An older branch from early 2024
    • The regex: is still the same as the development branch linked above.
  • Ansible Version: ansible-core 2.14.13
  • Host Python Version: unknown
  • Ansible Server Python Version: unknown
  • Additional Details: n/a

Additional Notes
Nothing to add.

Possible Solution
Adjust regex: as noted above.
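As an added example (not code from the issue or from the ansible-lockdown project), the following Python script applies both regexes to a constructed sshd_config fragment containing the stock commented-out line, emulates the documented lineinfile semantics (assumption: the last matching line is replaced, otherwise the line is appended), and then checks the effective setting the way an auditor would, treating commented lines as not set. The names SAMPLE_SSHD_CONFIG, lineinfile, effective_setting and compare are this example's own.

```python
import re

# Constructed fragment of a stock RHEL 8 sshd_config (the real file is much longer);
# the commented default line is the case the issue describes.
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config fragment for this example
#PermitUserEnvironment no
X11Forwarding yes
"""

ORIGINAL_REGEX = r"(?i)^#?PermitUserEnvironment"   # regexp from tasks/fix-cat2.yml
SUGGESTED_REGEX = r"(?i)^PermitUserEnvironment"    # fix proposed in the issue
WANTED_LINE = "PermitUserEnvironment no"


def matching_lines(text, regexp):
    """Indexes of lines that the lineinfile regexp would match."""
    pattern = re.compile(regexp)
    return [i for i, ln in enumerate(text.splitlines()) if pattern.search(ln)]


def lineinfile(text, regexp, line):
    """Emulation (assumption from the module docs) of ansible.builtin.lineinfile
    with state=present: replace the last regexp match, else append the line.
    Returns (new_text, changed)."""
    lines = text.splitlines()
    hits = matching_lines(text, regexp)
    if hits:
        if lines[hits[-1]] == line:
            return text, False          # already compliant, nothing to do
        lines[hits[-1]] = line
    else:
        lines.append(line)
    return "\n".join(lines) + "\n", True


def effective_setting(text):
    """Value sshd would use: the first *uncommented* PermitUserEnvironment
    directive wins; commented lines count as unset (None). The authoritative
    check on a real host is `sshd -T`, which prints the effective value."""
    for ln in text.splitlines():
        m = re.match(r"^\s*PermitUserEnvironment\s+(\S+)", ln, re.IGNORECASE)
        if m:
            return m.group(1).lower()
    return None


def compare(text=SAMPLE_SSHD_CONFIG):
    """Run both regexes and report (changed, effective value) for each."""
    return {name: (lambda r: (r[1], effective_setting(r[0])))(lineinfile(text, rx, WANTED_LINE))
            for name, rx in (("original", ORIGINAL_REGEX), ("suggested", SUGGESTED_REGEX))}
```

Before the task runs, effective_setting reports None for the commented default; after it, the check should report "no" regardless of where the line landed, which is the condition to assert in a post-hardening audit.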

@dglinder dglinder added the bug Something isn't working label Dec 12, 2024
dglinder added a commit to dglinder/RHEL8-STIG that referenced this issue Dec 12, 2024
This closes the issue in ansible-lockdown#316.

Update regex for RHEL-08-010830 so the basic comment line will not affect the final result.

Signed-off-by: Daniel Linder <[email protected]>