xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy (CCE-85902-5) fails due to excess whitespace
Share the context
After installing RHEL 8.10 using kickstart with the following configuration:
%addon org_fedora_oscap
content-type = datastream
content-url = $MY_URL/ssg-rhel8-ds-1.2_0.1.73.xml
datastream-id = scap_org.open-scap_datastream_from_xccdf_ssg-rhel8-xccdf.xml
xccdf-id = scap_org.open-scap_cref_ssg-rhel8-xccdf.xml
profile = xccdf_org.ssgproject.content_profile_stig
fingerprint = 40c7d18cb94f440866e5e9d1650d4af2ba2caa3a19a94847e8e420f435f0f065
%end
I ran an oscap scan using the xccdf_org.ssgproject.content_profile_stig profile.
Description of problem:
Rule ID xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy failed despite the openssh.config line it was complaining about matching. Except when I copy/pasted the content I found that the check text is misformatted:
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected]
There is extra whitespace and it's failing the check due to this unnecessary whitespace. Manual testing showed if there was not both a newline plus the 12 spaces the check will fail despite the extra whitespace having no actual effect.
Proposed change:
The text to match against should not include the excess whitespace.
There is a similar issue with xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_opensshserver_conf_crypto_policy:
-oCiphers=aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected]
Hello @red-avalanche and thank you for the issue. These rules have been recently updated. Could you confirm if this is still an issue? And if yes, could you tell me what data artifact you are referring to regarding extraneous white spaces? Is it a datastream? An HTML file? Thank you.
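To triage a failure like the one reported in this issue, the following added example (not code from the issue or from the ComplianceAsCode project) tells a whitespace-only mismatch apart from a real difference in the cipher list. The sample strings are constructed and shortened to the three CTR ciphers that are legible above; the position of the newline plus 12 spaces, the `CRYPTO_POLICY='...'` wrapper, the `-oMACs` value and the function names are assumptions.

```python
import re

def normalize(setting: str) -> str:
    """Drop whitespace around ',' and '=' and collapse every other run to one space."""
    setting = re.sub(r"\s*([,=])\s*", r"\1", setting.strip())
    return re.sub(r"\s+", " ", setting)

def cipher_list(setting: str) -> list[str]:
    """Cipher names from a single 'Ciphers a,b' or '-oCiphers=a,b' setting."""
    m = re.search(r"(?:^|-o)Ciphers[ =]([^\s']+)", normalize(setting))
    return m.group(1).split(",") if m else []

def classify(expected: str, actual: str) -> str:
    """Compare the text a check expects with the setting found on the host.

    'exact'           -> expected text appears verbatim in the actual setting
    'whitespace-only' -> same ciphers in the same order, only spacing differs
    'different'       -> cipher lists differ, or no Ciphers setting was found
    """
    if expected in actual:
        return "exact"
    want, have = cipher_list(expected), cipher_list(actual)
    if want and want == have:
        return "whitespace-only"
    return "different"

# Constructed samples. EXPECTED_* imitate check text carrying a stray newline
# followed by 12 spaces; ACTUAL_* imitate the crypto-policy back-end lines.
PAD = "\n" + " " * 12
EXPECTED_CLIENT = "Ciphers aes256-ctr,aes192-ctr," + PAD + "aes128-ctr"
ACTUAL_CLIENT = "Ciphers aes256-ctr,aes192-ctr,aes128-ctr"
EXPECTED_SERVER = "-oCiphers=aes256-ctr,aes192-ctr," + PAD + "aes128-ctr"
ACTUAL_SERVER = ("CRYPTO_POLICY='-oCiphers=aes256-ctr,aes192-ctr,aes128-ctr "
                 "-oMACs=hmac-sha2-512'")

if __name__ == "__main__":
    for name, exp, act in [("openssh.config", EXPECTED_CLIENT, ACTUAL_CLIENT),
                           ("opensshserver.config", EXPECTED_SERVER, ACTUAL_SERVER)]:
        print(f"{name}: {classify(exp, act)}")
```

A `whitespace-only` result means the host is configured as intended and the finding comes from the check text; `different` means the cipher list itself needs attention.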