MEDIUM | RHEL-08-010295 - Lineinfile correction

[jmalpede]

The current CAT 2 fix for MEDIUM | RHEL-08-010295 appends the rhel8stig_gnutls_encryption variable after +VERS-ALL:, which results in an additiona +VERS-ALL: in the line:

SYSTEM=NONE:+MAC-ALL:-MD5:+GROUP-ALL:-GROUP-X25519:-GROUP-X448:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-RSA-SHA1:-SIGN-DSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:-SIGN-EDDSA-ED25519:-SIGN-EDDSA-ED448:+CIPHER-ALL:-CHACHA20-POLY1305:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-RSA:+VERS-ALL:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0

Expected Behavior
When the line should have only one +VERS-ALL:.
SYSTEM=NONE:+MAC-ALL:-MD5:+GROUP-ALL:-GROUP-X25519:-GROUP-X448:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-RSA-SHA1:-SIGN-DSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:-SIGN-EDDSA-ED25519:-SIGN-EDDSA-ED448:+CIPHER-ALL:-CHACHA20-POLY1305:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-RSA:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0

Control(s) Affected
Vul ID: V-230256 Rule ID: SV-230256r877394_rule STIG ID: RHEL-08-010295

Environment (please complete the following information):

• Ansible Version: 2.10
• RHEL 8

Possible Solution
Change the rhel8stig_gnutls_encryption variable by dropping the "+VERS-ALL:" to correct the line to the correct format.
rhel8stig_gnutls_encryption: "-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0"

[uk-bolly]

hi @jmalpede

Thank you as always for taking the time to raise the issue and provide a solution. We are happy to say this fix is now in the latest release.

I will therefore close this issue.

thanks

uk-bolly