Gabriel Becker

Results 124 comments of Gabriel Becker

I have refreshed the PR with some more changes and I believe it should be good to go.

There was a problem in the CPE conditionals which hopefully is fixed by: [bbd391e](https://github.com/ComplianceAsCode/content/pull/9412/commits/bbd391e2105ab25863760140b277137da3b84e85)

```
Start 186: rhel9-bash-shellcheck
185/262 Test #186: rhel9-bash-shellcheck .................................................***Failed 19.60 sec
In /__w/content/content/build/rhel9/fixes/bash/kerberos_disable_no_keytab.sh line 3:
if...
```

One extra fix was needed in the line (check if the variable was defined first): `when: result_umask_is_correctly_set.found is defined and result_umask_is_correctly_set.found == 0`

> This requirement itself is actually bugged upstream as it doesn't account for EFI installs which keep their `grub.cfg` in a different place.
>
> It doesn't satisfy CIS CAT...

This is the affected rule: https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml accounts_umask_etc_login_defs

I may have found another similar issue here @marcusburghardt: https://github.com/ComplianceAsCode/content/blob/8abc99327c0e2fd529195a0ac962b52c27141fd2/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/ansible/shared.yml#L11 The regex: `(^[\s]*[^#]umask)\s+(\d+)` doesn't match `umask 077` for example. https://regex101.com/r/qoL1w7/1
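Added example (not part of the original comment or of the ComplianceAsCode project): the regex quoted above, run with Python's `re` engine (the one Ansible uses) over constructed `/etc/profile`-style lines. The `CANDIDATE` pattern, the helper names and the sample lines are assumptions for illustration, not the project's fix.

```python
import re

# Pattern quoted in the comment above. `[^#]` consumes exactly one character
# before "umask", so a setting that starts at column 0 has nothing to consume.
ORIGINAL = re.compile(r"(^[\s]*[^#]umask)\s+(\d+)")
# Hypothetical alternative for comparison; an assumption, not the project's fix.
CANDIDATE = re.compile(r"^(\s*umask)\s+(\d+)")

# Constructed sample lines: (line, is it an active umask setting?)
SAMPLE = [
    ("umask 077", True),        # setting at column 0
    ("    umask 027", True),    # indented with spaces
    ("\tumask 022", True),      # indented with a tab
    ("#umask 077", False),      # commented out
    ("  # umask 077", False),   # indented comment
    ("xumask 077", False),      # different command name
]


def audit(pattern):
    """Return (missed, spurious): active settings the pattern fails to find,
    and inactive lines it wrongly matches."""
    missed, spurious = [], []
    for line, active in SAMPLE:
        hit = pattern.search(line) is not None
        if active and not hit:
            missed.append(line)
        elif hit and not active:
            spurious.append(line)
    return missed, spurious


def umask_value(pattern, line):
    """Return the captured umask digits, or None when the line is not matched."""
    m = pattern.search(line)
    return m.group(2) if m else None


if __name__ == "__main__":
    for name, pattern in (("original", ORIGINAL), ("candidate", CANDIDATE)):
        missed, spurious = audit(pattern)
        print(f"{name}: missed={missed} spurious={spurious}")
```

A missed active setting matters for a remediation task because the existing line is left untouched while the task reports nothing to change.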

The name of the service should probably be validated: https://github.com/ComplianceAsCode/content/blob/3f22075c6c6f073921bf849a56ffbdddbf8f4ab4/linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml#L41-L46 https://github.com/ComplianceAsCode/content/blob/3f22075c6c6f073921bf849a56ffbdddbf8f4ab4/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml#L42-L46 If you can please check the service name and package name for those services in ubuntu18.04 and ubuntu20.04 and...

@dodys maybe those services need the `@ubuntu2004` `@ubuntu1804` modifiers in the template data. Feel free to implement these.

> The following rules are pending investigation:
>
> * xccdf_org.ssgproject.content_rule_rpm_verify_hashes - fail
> * xccdf_org.ssgproject.content_rule_rpm_verify_permissions - fail
> * xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow - fail

and this: `xccdf_org.ssgproject.content_rule_sssd_enable_smartcards - fail`...