UMASK is not set correctly for /etc/login.defs
Description of problem:
When executing tag DISA_STIG_RHEL_08_020351, the regexp doesn't match the full line, so var_accounts_user_umask is not replacing the existing value.
Operating System Version:
RHEL 8.6
Steps to Reproduce:
- Run playbook with redhatofficial.rhel8_stig role and DISA-STIG-RHEL-08-020351 tag
Actual Results:
/etc/login.defs
UMASK 077 022
Expected Results:
UMASK 077
Additional Information/Debugging Steps:
Possible fix may be to change
regexp: ^UMASK
to
regexp: ^UMASK.*
Other tasks modifying /etc/login.defs may have similar issues because of the regexps.
This is the affected rule: https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
accounts_umask_etc_login_defs
I may have found another similar issue here @marcusburghardt:
https://github.com/ComplianceAsCode/content/blob/8abc99327c0e2fd529195a0ac962b52c27141fd2/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/ansible/shared.yml#L11
The regex: (^[\s]*[^#]umask)\s+(\d+) doesn't match umask 077 for example.
https://regex101.com/r/qoL1w7/1
For the accounts_umask_etc_profile rule it was fixed in this commit:
https://github.com/ComplianceAsCode/content/pull/9496/commits/cbf8658dac7607e6b364a13b1da98f0c9e79b6d3
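The two regex behaviours reported in this thread, reproduced as an added example that is not part of the original issue or the project's code. Python's `re.sub` stands in for the remediation's substitution step (an assumption inferred from the reported `UMASK 077 022` result); the sample file content and all function names are constructed for illustration.

```python
import re

# Constructed sample of /etc/login.defs content (not taken from a real host).
LOGIN_DEFS = "# Default permissions\nUMASK 022\nHOME_MODE 0700\n"


def apply_umask(text, pattern, value="077"):
    """Substitute 'UMASK <value>' for whatever `pattern` matches (assumed behaviour)."""
    return re.sub(pattern, "UMASK " + value, text, flags=re.MULTILINE)


def umask_lines(text):
    """Return every line that begins with UMASK, as a post-remediation check."""
    return [line for line in text.splitlines() if line.startswith("UMASK")]


def is_compliant(text, value="077"):
    """True only if there is exactly one UMASK line and it carries a single value."""
    return umask_lines(text) == ["UMASK " + value]


# Regex quoted in the thread for the accounts_umask_etc_profile rule.
PROFILE_RE = re.compile(r"(^[\s]*[^#]umask)\s+(\d+)")


def profile_matches(line):
    """[^#] must consume one character before 'umask', so column-0 lines fail."""
    return PROFILE_RE.search(line) is not None


if __name__ == "__main__":
    for pattern in (r"^UMASK", r"^UMASK.*"):
        once = apply_umask(LOGIN_DEFS, pattern)
        twice = apply_umask(once, pattern)  # a second run shows (non-)idempotence
        print(pattern, umask_lines(once), umask_lines(twice), is_compliant(once))
    for line in ("umask 077", "    umask 077", "#umask 077"):
        print(repr(line), profile_matches(line))
```

The `^UMASK` pattern leaves the old value on the line and appends another `077` on each further run, so a check like `is_compliant` after remediation catches the problem that a successful task status hides.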