ansible-lockdown / RHEL9-CIS-Audit

Audit configurations for RHEL9 CIS
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

cis_1.8.2 failed. Modifications needed to align with RHEL9-CIS role #38

Open levaillx opened 3 weeks ago

levaillx commented 3 weeks ago

Describe the Issue: Commands gdm_profile_banner and gdm_banner_msg are not aligned with the modifications applied by RHEL9-CIS (1.3.2). Commands fail even if the configuration is correctly set.

Expected Behavior: Count: 4, Failed: 0, Skipped: 0

Actual Behavior: Count: 4, Failed: 2, Skipped: 0

Control(s) Affected: cis 1.8.2

Environment:

Additional Notes:

Possible Solution: Minor modifications:

@@ -7,9 +7,8 @@
     exit-status: 0
     stdout:
     - '/^user-db:user/'
-    - '/^system-db:user/'
+    - '/^system-db:gdm/'
     - '/^file-db:\/usr\/share\/gdm\/greeter-dconf-defaults/'
-    - "/^banner-message-text=\'{{ .Vars.rhel9cis_warning_banner }}\'/"
     meta:
       server: 1
       workstation: 1
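
Review bot: the new stdout pattern '/^system-db:gdm/' has no end anchor, so it also matches a line such as system-db:gdm-custom; '/^system-db:gdm$/' would pin it to the gdm database. Dropping the banner-message-text pattern from gdm_profile_banner leaves the banner text checked only by gdm_banner_msg, so both tests need to stay enabled together for 1.8.2 to cover the text.
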
@@ -22,7 +21,7 @@
       CISv8_IG3: true
   gdm_banner_msg:
     title: 1.8.2 | Ensure GDM login banner is configured
-    exec: grep "[org/gnome/login-screen]" /etc/dconf/db/gdm.d/* | grep banner-message
+    exec: grep "[org/gnome/login-screen]" /etc/dconf/db/gdm.d/01-banner-message | grep banner-message
     exit-status:
       or:
       - 0
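
Review bot: the exec line now hardcodes /etc/dconf/db/gdm.d/01-banner-message, so a host that sets the banner in a differently named file under gdm.d fails the audit even though the setting is in place. If the glob was dropped because grep prefixes each match with the file name when given several files (which defeats the ^-anchored stdout patterns), keeping the glob and adding -h to the first grep avoids that without tying the test to one file name. Separately, and unchanged by this hunk, "[org/gnome/login-screen]" is parsed by grep as a bracket expression, so the first grep does not restrict matches to that section.
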
@@ -30,7 +29,7 @@
     stdout:
     - '/^banner-message-enable=true/'
     - '!/^banner-message-enable=false/'
-    - "/^banner-message-text=\'{{ .Vars.rhel9cis_warning_banner }}\'/"
+    - "/^banner-message-text=\"{{ .Vars.rhel9cis_warning_banner }}\"/"
     meta:
       server: 1
       workstation: 1
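
Review bot: the replacement banner-message-text pattern accepts only a double-quoted value, so a keyfile that still uses single quotes (what the removed line expected) now fails; dconf keyfile string values may use either quote style, so a class such as ['\"] on both sides of the template would cover both. The value of {{ .Vars.rhel9cis_warning_banner }} is also placed inside /.../ unescaped, so any regex metacharacters in the banner text are interpreted as pattern syntax rather than matched literally.
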
uk-bolly commented 3 weeks ago

Hi @levaillx

Thank you for your time and feedback. There is a new branch created to address the issues you have raised, which I hope to get merged later today.

Many thanks

uk-bolly