
Rule kernel_module_usb-storage_disabled fails bashfix remediation on Amazon Linux 2 (AMZN2)

Open bucs-fan813 opened this issue 1 year ago • 0 comments

Description of problem:

bash-fix remediation uses invalid sed syntax for content_rule_kernel_module_usb-storage_disabled. sed replacement must escape the forward / in /path/to/file (i.e., /bin/true should be \/bin\/true). Also, for consistency, the fix should match the fix text of the actual STIG, which looks for /bin/false instead of /bin/true.

SCAP Security Guide Version:

v0.1.73

Operating System Version:

Amazon Linux 2

Steps to Reproduce:

  1. oscap xccdf generate fix --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --fix-type bash /usr/share/xml/scap/ssg/content/ssg-amzn2-ds.xml > bashfix.sh
  2. cat bashfix.sh | grep -A 5 xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled

Actual Results:

(>&2 echo "Remediating rule #/#: 'xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled'")
if LC_ALL=C grep -q -m 1 "^install usb-storage" /etc/modprobe.d/usb-storage.conf ; then
	sed -i 's/^install usb-storage.*/install usb-storage /bin/true/g' /etc/modprobe.d/usb-storage.conf
else
	echo -e "\n# Disable per security requirements" >> /etc/modprobe.d/usb-storage.conf
	echo "install usb-storage /bin/true" >> /etc/modprobe.d/usb-storage.conf
fi

Expected Results:

(>&2 echo "Remediating rule #/#: 'xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled'")
if LC_ALL=C grep -q -m 1 "^install usb-storage" /etc/modprobe.d/usb-storage.conf ; then
	sed -i 's/^install usb-storage.*/install usb-storage \/bin\/false/g' /etc/modprobe.d/usb-storage.conf
else
	echo -e "\n# Disable per security requirements" >> /etc/modprobe.d/usb-storage.conf
	echo "install usb-storage /bin/false" >> /etc/modprobe.d/usb-storage.conf
fi

Additional Information/Debugging Steps:

DISA RHEL-7 STIG: V-204449

bucs-fan813 · Jul 25 '24 12:07
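To make the delimiter problem concrete, here is an added example (not code from the issue or from the SCAP Security Guide) that runs the generated sed command and the escaped form against a constructed scratch copy of the modprobe.d file; the alternate-delimiter variant (`s|...|...|`) is an additional form assumed by this example, not one proposed in the issue.

```shell
#!/bin/sh
# Added example: reproduces the unescaped-slash bug from the generated
# bash fix on a constructed scratch file, then applies two working forms.
# Nothing here touches /etc/modprobe.d; every function takes a file path.

# Create a constructed sample config (stands in for usb-storage.conf).
make_sample_conf() {
    conf=$(mktemp)
    printf '%s\n' '# constructed sample' 'install usb-storage /bin/true' > "$conf"
    echo "$conf"
}

# The remediation as generated (buggy): the unescaped "/" in /bin/false
# terminates the replacement early, so sed rejects the command
# ("unknown option to `s'") and leaves the file unchanged.
# Returns sed's exit status (non-zero on the parse error).
broken_remediation() {
    sed -i 's/^install usb-storage.*/install usb-storage /bin/false/g' "$1" 2>/dev/null
}

# Fix 1: escape the slashes in the replacement, as the issue proposes.
fixed_remediation_escaped() {
    sed -i 's/^install usb-storage.*/install usb-storage \/bin\/false/g' "$1"
}

# Fix 2 (this example's own suggestion, not from the issue): use "|" as the
# s-command delimiter so paths containing "/" need no escaping at all.
fixed_remediation_delim() {
    sed -i 's|^install usb-storage.*|install usb-storage /bin/false|g' "$1"
}

# Report the effective "install usb-storage" directive after remediation,
# which is what a compliance check would inspect.
usb_storage_directive() {
    grep '^install usb-storage' "$1"
}
```

Run `make_sample_conf`, pass the returned path to one of the remediation functions, then read the result back with `usb_storage_directive`.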