RHEL7-STIG icon indicating copy to clipboard operation
RHEL7-STIG copied to clipboard

Published 20 hours ago verified publisher icon ansible-lockdown

fix-cat1: RHEL-07-010482/010491

Open dirtyharrycallahan opened this issue 2 years ago • 1 comments

Describe the Issue Multiple entries in user.cfg

Expected Behavior Single GRUB2_PASSWORD in user.cfg

Actual Behavior If GRUB2_PASSWORD ... password_hash }} is not present it is added to user.cfg. On a password change the new password hash is added to the file.

Control(s) Affected RHEL-07-010482/RHEL-07-010491

Environment (please complete the following information): n/a

Additional Notes Last password entry wins and that may work most of the time but lets say we cycle through passwords A -> B -> A. First two times the file is changed but the third time the file is not updated and password "B" is the last entry.

Possible Solution Modify the regexp so that the in only one line in user.cfg that starts with GRUB2_PASSWORD=...

dirtyharrycallahan avatar May 10 '22 16:05 dirtyharrycallahan

hi @dirtyharrycallahan

Thank you for raising this issue, this is a great find. Apologies it has taken so long to get to it. It is only with feedback like this we can improve the playbooks we maintain. I am adding this fix into the next stig v3r8 release due in the devel in the next couple of days.

Very best regards

uk-bolly

uk-bolly avatar Aug 02 '22 09:08 uk-bolly