Describe the Issue
The grep statement that populates the register rhel8stig_040126_var_log_status does not match when the /var/log line has 1 trailing space followed by a word. This is a standard syntax for /etc/fstab.
The -w switch is utilized on the grep command, so the regex will match when the search string is surrounded by non-word constituent characters. But since a trailing space is included in the search string, this regex will only match when /var/log is followed by a space then another non-word character. If there is only 1 space following /var/log, and then a word, this regex will not match.
When the grep statement does not match any lines, the rhel8stig_040126_var_log_status register is unpopulated, and the script does not add the nodev,nosuid,noexec options to the mountpoint.
Expected Behavior
Expected to match outputs of the mount command that contain /var/log, but not /var/log/audit. Expected to change the /var/log mount options to include nodev,nosuid,noexec.
Actual Behavior
Does not match any lines in our current deployment. The /var/log line output of mount on a test machine is:
/dev/mapper/VolGroup-lv_log on /var/log type xfs (rw,relatime)
After running the playbook, the options on /var/log are left the same.
The grep command in question: https://github.com/ansible-lockdown/RHEL8-STIG/blob/54f296f2eea55795efe654a5de9bfefc3ebc51a0/tasks/fix-cat2.yml#L6297
Control(s) Affected
RHEL-08-040126, RHEL-08-040127, RHEL-08-040128
Possible Solution
Change the grep statement in fix-cat2.yml, line 6297. Either remove the -w switch, changing the line to just:
ansible.builtin.shell: mount | grep "/var/log "
or match on the surrounding whitespace instead:
ansible.builtin.shell: mount | grep '\s\+/var/log\s\+'
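To make the failure concrete, here is an added shell example (not from the issue or the RHEL8-STIG repository) that runs the original grep and both proposed fixes over constructed mount output; the sample lines and the two-space variant are assumptions, not output from the reporter's machine:

```shell
#!/bin/sh
# Constructed sample of `mount` output (not from the issue's machine): the
# /var/log line has one space after the path, then the word "type", and a
# /var/log/audit line is included because the task must not match it.
MOUNT_SAMPLE='/dev/mapper/VolGroup-lv_root on / type xfs (rw,relatime)
/dev/mapper/VolGroup-lv_log on /var/log type xfs (rw,relatime)
/dev/mapper/VolGroup-lv_audit on /var/log/audit type xfs (rw,relatime)'

# Run a grep command line ($@) over the sample and print the number of
# matching lines; 0 means the Ansible register would stay unpopulated.
count_matches() {
    printf '%s\n' "$MOUNT_SAMPLE" | "$@" | wc -l | tr -d ' '
}

# Pattern as in fix-cat2.yml: -w plus a trailing space inside the string.
# The match ends in a space, and -w then requires a non-word character (or
# end of line) after it, but the "t" of "type" follows, so /var/log is lost.
original_count() { count_matches grep -w "/var/log "; }

# Same -w pattern over a constructed line with TWO spaces after /var/log:
# the character after the match is now a space, so -w accepts it. This is
# why the bug only shows up with single-space separators.
original_two_spaces_count() {
    printf '%s\n' '/dev/mapper/VolGroup-lv_log on /var/log  type xfs (rw,relatime)' \
        | grep -w "/var/log " | wc -l | tr -d ' '
}

# Fix 1 from the issue: drop -w. The trailing space in the string is what
# still keeps /var/log/audit out.
no_w_count() { count_matches grep "/var/log "; }

# Fix 2 from the issue: require whitespace on both sides (GNU grep syntax).
# Unlike fix 1, this also rejects paths that merely end in "/var/log ",
# such as "/srv/var/log ".
regex_count() { count_matches grep '\s\+/var/log\s\+'; }

main() {
    printf '%-32s: %s line(s)\n' 'grep -w "/var/log "' "$(original_count)"
    printf '%-32s: %s line(s)\n' 'grep -w, two spaces after path' "$(original_two_spaces_count)"
    printf '%-32s: %s line(s)\n' 'grep "/var/log "' "$(no_w_count)"
    printf '%-32s: %s line(s)\n' "grep '\s\+/var/log\s\+'" "$(regex_count)"
}
main
```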