When using the latest prebuilt version of the scap-security-guide (scap-security-guide-0.1.37-1.el7.centos.noarch), openscap-1.2.16-1.el7.centos.x86_64, and openscap-1.2.16-1.el7.centos.x86_64 I am getting a failure on the sshd_config file with Compression no, Enable Encrypted X11 Forwarding, Disable SSH Access via Empty Passwords, Allow Only SSH Protocol 2, and other regular expression searches.
SCAP Security Guide Version:
scap-security-guide-0.1.37-1.el7.centos.noarch
Operating System Version:
CentOS 7.4 and RHEL7.4
Steps to Reproduce:
kickstart new system using ssg-rhel7-ospp-ks.cfg
Run the command 'oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_nist-800-171-cui --results-arf arf.xcml --report report.html ssg-centos7-ds.xml' or 'oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_nist-800-171-cui --results-arf arf.xcml --report report.html ssg-rhel7-ds.xml'
Review result and see failure on Compression, Encrypted X11 Forwarding, Disable SSH Access via Empty Passwords, Disable RHOSTs, Use Privilege Separation, just to name a few.
Actual Results:
| Rule ID | Result |
| -- | -- |
| xccdf_org.ssgproject.content_rule_sshd_disable_compression | error |
| xccdf_org.ssgproject.content_rule_sshd_enable_x11_forwarding | error |
| xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords | error |
| xccdf_org.ssgproject.content_rule_sshd_disable_rhosts | error |
| xccdf_org.ssgproject.content_rule_sshd_use_priv_separation | error |
Verification of the regex patterns using sed -i and using the websites pythex and regex101 combined with attached sshd_config file shows no matches. Most of the regex (pythex and regex101 set to python) show errors in the regex.
I have attached a valid sshd_config for use in debugging.
I have an update. If I use the grep -P 'regex' linked in the xml at the command line, they each correctly identify the occurrence. So it seems this is broken somewhere else.
Expected Results:
Pass for all of the above sshd_config.txt
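An independent cross-check of the directives behind the rules named in this report, as an added example that is not part of the original issue or of the SSG/OVAL content: it reads the global section of an sshd_config the way sshd does (case-insensitive keywords, first value wins) and reports pass, fail or not set for each. The expected values are inferred from the rule titles above, the function names are hypothetical, and the sample config is constructed.

```python
import re

# Expected values inferred from the rule titles in the report (assumption).
EXPECTED = {
    "compression": "no",
    "x11forwarding": "yes",
    "permitemptypasswords": "no",
    "ignorerhosts": "yes",
    "protocol": "2",
}

# Constructed sample, not the sshd_config attached to the issue.
SAMPLE = """\
Protocol 2
compression no
X11Forwarding=yes
#PermitEmptyPasswords no
IgnoreRhosts no
IgnoreRhosts yes
Match User backup
    PermitEmptyPasswords no
"""

def effective_settings(text):
    """Return global keyword -> value, keeping the first value seen."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments set nothing
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue  # keyword without an argument
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "match":
            break  # conditional blocks are not global settings
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Map each expected keyword to 'pass', 'fail' or 'not set'."""
    found = effective_settings(text)
    return {k: "not set" if k not in found
            else ("pass" if found[k] == want else "fail")
            for k, want in EXPECTED.items()}

if __name__ == "__main__":
    for keyword, status in audit(SAMPLE).items():
        print(f"{keyword:22} {status}")
```

A "not set" result means the directive is absent from the global section, which is a different condition from the scanner's `error` result shown in the table.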