xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy (CCE-85902-5) fails due to excess whitespace
Share the context
After installing RHEL 8.10 using kickstart with the following configuration:
%addon org_fedora_oscap
content-type = datastream
content-url = $MY_URL/ssg-rhel8-ds-1.2_0.1.73.xml
datastream-id = scap_org.open-scap_datastream_from_xccdf_ssg-rhel8-xccdf.xml
xccdf-id = scap_org.open-scap_cref_ssg-rhel8-xccdf.xml
profile = xccdf_org.ssgproject.content_profile_stig
fingerprint = 40c7d18cb94f440866e5e9d1650d4af2ba2caa3a19a94847e8e420f435f0f065
%end
I ran an oscap scan using the xccdf_org.ssgproject.content_profile_stig profile.
Description of problem:
Rule ID xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy failed despite the openssh.config line it was complaining about matching. Except when I copy/pasted the content I found that the check text is misformatted:
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected]
There is extra whitespace and it's failing the check due to this unnecessary whitespace. Manual testing showed that if there was not both a newline plus the 12 spaces, the check will fail despite the extra whitespace having no actual effect.
Proposed change:
The text to match against should not include the excess whitespace.
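The failure mode reported above, as an added example that is not part of the original issue or the project's check content: a literal comparison against text carrying a trailing newline plus 12 spaces rejects a correct config, while parsing the directive and comparing the ordered cipher list does not. The function names and sample configs are constructed, and only the three CTR ciphers quoted in the report are used.

```python
import re

# Constructed subset: the three CTR ciphers quoted in the report.
EXPECTED_CIPHERS = ["aes256-ctr", "aes192-ctr", "aes128-ctr"]

# Hypothetical stand-in for the misformatted check text: the expected line
# followed by a newline plus 12 spaces, as the report describes.
MISFORMATTED_EXPECTED = "Ciphers " + ",".join(EXPECTED_CIPHERS) + "\n" + " " * 12

# Constructed sample configs.
CLEAN_CONFIG = "Ciphers aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-512\n"
PADDED_CONFIG = "Ciphers aes256-ctr,aes192-ctr,aes128-ctr\n" + " " * 12 + "\n"
WEAK_CONFIG = "Ciphers aes256-ctr,3des-cbc\n"


def strict_match(config_text, expected=MISFORMATTED_EXPECTED):
    """Literal comparison: passes only if the config reproduces the stray whitespace."""
    return expected in config_text


def parse_ciphers(config_text):
    """Return the cipher list from the first effective 'Ciphers' line, or None."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        # Keyword is case-insensitive; value follows whitespace or '='.
        m = re.match(r"(?i)ciphers[ \t=]+(\S.*)$", line)
        if m:
            return [c.strip() for c in m.group(1).split(",") if c.strip()]
    return None


def tolerant_match(config_text, expected=EXPECTED_CIPHERS):
    """Compare the parsed, ordered cipher list; surrounding whitespace is ignored."""
    return parse_ciphers(config_text) == expected


if __name__ == "__main__":
    for name, cfg in [("clean", CLEAN_CONFIG), ("padded", PADDED_CONFIG), ("weak", WEAK_CONFIG)]:
        print(f"{name:7} strict={strict_match(cfg)} tolerant={tolerant_match(cfg)}")
```

The tolerant comparison still fails a config whose cipher list differs, so dropping the whitespace from the expected text does not weaken the check.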