OpenSCAP Ubuntu 20.04 STIG Profile Issue with Banner Test

[bdou]

Description of problem:

The DISA STIG item UBTU-20-010038 says that "The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting any local or remote connection to the system." However, when the notice is copied into /etc/issue.net, and the OpenSCAP 1.2.16 tool is run (with profile Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) V1R9), there is a failure in the test, "Modify the System Login Banner for Remote Connections." The only text that does pass the scan is "Authorized uses only. All activity may be monitored and reported" - which is not part of the STIG requirements.

Details:

This content is not aligned with content from the Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V1R11.

The misalignment affects these profiles:

• Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) V1R9

The misalignment affects these rules:

• Rule ID: SV-238214r858525_rule
• Rule Title: The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting any local or remote connection to the system.

Outcome:

• [ ] This project's content can be improved:
  • [ ] Check needs to be improved.

SCAP Security Guide Version:

https://github.com/ComplianceAsCode/content/releases/download/v0.1.72/scap-security-guide-0.1.72.zip

External Content's Version:

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CAN_Ubuntu_20-04_LTS_V1R11_STIG.zip

[dodys]

This seems to relate to the added new variable that was not communicated: https://github.com/ComplianceAsCode/content/pull/10161

Adding the variable remote_login_banner_text with the appropriate value should fix this.

[alanmcanonical]

Could you please share more (debug) information/evaluation result/console output?