ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

replace_or_append.sh script is unable to check if configuration file has given entry when the keyword contains equals sign (^SELINUX=) #4838

Closed ggbecker closed 4 years ago

ggbecker commented 5 years ago

Description of problem:

replace_or_append.sh is unable to find the configuration file occurrence for the ^SELINUX= string pattern when there is an equals sign at the end.

https://github.com/ComplianceAsCode/content/blob/75cdd3490cf02537880d62cceb9ece20eae5a8aa/shared/bash_remediation_functions/replace_or_append.sh#L70

The problem is in the word boundary: when the pattern has the equals sign, it is not able to detect the presence of such an entry in a configuration file, for example in the selinux_state rule.

This causes duplicated entries when executing: /usr/share/scap-security-guide/bash/ssg-rhel8-role-ospp.sh for example.

SCAP Security Guide Version:

0.1.46

Operating System Version:

Any

Steps to Reproduce:

  1. grep -q -m 1 -i -e "^SELINUX=\>" /etc/sysconfig/selinux

Actual Results:

exit code 1

Expected Results:

exit code 0

Additional Information/Debugging Steps:

https://bugzilla.redhat.com/show_bug.cgi?id=1750526

Removing the equals sign from ^SELINUX= appears to fix the problem, but it might impact some other aspect. From:

https://github.com/ComplianceAsCode/content/blob/75cdd3490cf02537880d62cceb9ece20eae5a8aa/linux_os/guide/system/selinux/selinux_state/bash/shared.sh#L7
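The following added shell example (not code from the ComplianceAsCode project) reproduces the word-boundary failure described above on a constructed sample file and shows one way a replace_or_append-style check can avoid it: a trailing `\>` only makes sense when the pattern ends in a word character, and `=` is not one. The file path and the helper names (`has_entry_buggy`, `has_entry_fixed`, `set_entry`) are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample standing in for /etc/sysconfig/selinux (not the real file).
SAMPLE_CFG="${TMPDIR:-/tmp}/selinux_sample.$$"
write_sample() {
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$SAMPLE_CFG"
}

# Reproduces the bug: '\>' only matches at the end of a word, i.e. right after
# a word character. '=' is not a word character, so "^SELINUX=\>" can never
# match a line such as "SELINUX=enforcing".
has_entry_buggy() {   # $1 = file, $2 = key regex (e.g. ^SELINUX=)
    grep -q -m 1 -i -e "${2}\>" "$1"
}

# Corrected check: append the word boundary only when the pattern ends in a
# word character; a trailing '=' already delimits the key on its own.
has_entry_fixed() {   # $1 = file, $2 = key regex
    case "$2" in
        *[A-Za-z0-9_]) grep -q -m 1 -i -e "${2}\>" "$1" ;;
        *)             grep -q -m 1 -i -e "$2"     "$1" ;;
    esac
}

# Idempotent setter built on the fixed check (illustration only, not the
# project's replace_or_append): replace the existing line, else append once.
set_entry() {   # $1 = file, $2 = key regex, $3 = full replacement line
    if has_entry_fixed "$1" "$2"; then
        sed "s/${2}.*/${3}/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    else
        printf '%s\n' "$3" >> "$1"
    fi
}

write_sample
has_entry_buggy "$SAMPLE_CFG" '^SELINUX=' && echo "buggy check: entry found" \
    || echo "buggy check: entry NOT found (the reported bug)"
has_entry_fixed "$SAMPLE_CFG" '^SELINUX=' && echo "fixed check: entry found" \
    || echo "fixed check: entry NOT found"
set_entry "$SAMPLE_CFG" '^SELINUX=' 'SELINUX=permissive'
set_entry "$SAMPLE_CFG" '^SELINUX=' 'SELINUX=permissive'   # must not duplicate
echo "SELINUX= lines after two runs: $(grep -c '^SELINUX=' "$SAMPLE_CFG")"
rm -f "$SAMPLE_CFG"
```

With the buggy check the second run would append a second `SELINUX=` line, which is the duplicated-entry symptom seen when running the generated remediation script.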

ggbecker commented 5 years ago

@matejak do you have any thoughts on this?

matejak commented 4 years ago

We are trying to move from replace_or_append to Jinja lineinfile macros. Those macros can be unit-tested, so hopefully we can switch the remediation implementation with no regressions.

yuumasato commented 4 years ago

Fixed by #5785