From 4e22f69e3cf46330e1b0f8e248b67cfa57391df0 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 30 Oct 2024 07:52:30 +0000
Subject: [PATCH 1/4] remooved legacy entries for controls
Signed-off-by: Mark Bolwell
---
 vars/CIS.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/vars/CIS.yml b/vars/CIS.yml
index 74539fd..95a3975 100644
--- a/vars/CIS.yml
+++ b/vars/CIS.yml
@@ -156,8 +156,6 @@ rhel9cis_rule_2_2_15: true
 rhel9cis_rule_2_2_16: true
 rhel9cis_rule_2_2_17: true
 rhel9cis_rule_2_2_18: true
-rhel9cis_rule_2_2_19: true
-rhel9cis_rule_2_2_20: true
 # 2.3 service clients
 rhel9cis_rule_2_3_1: true
 rhel9cis_rule_2_3_2: true
From 4e4bc006fcc036b7024a3d984f8cc91370ea3d68 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 30 Oct 2024 08:58:49 +0000
Subject: [PATCH 2/4] issues #41 addressed thanks to @levaillx
Signed-off-by: Mark Bolwell
---
 section_1/cis_1.8/cis_1.8.4.yml | 2 +-
 section_1/cis_1.8/cis_1.8.5.yml | 2 +-
 section_1/cis_1.8/cis_1.8.6.yml | 2 +-
 section_1/cis_1.8/cis_1.8.7.yml | 2 +-
 section_1/cis_1.8/cis_1.8.8.yml | 2 +-
 section_1/cis_1.8/cis_1.8.9.yml | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/section_1/cis_1.8/cis_1.8.4.yml b/section_1/cis_1.8/cis_1.8.4.yml
index 58662e3..6cd7d2b 100644
--- a/section_1/cis_1.8/cis_1.8.4.yml
+++ b/section_1/cis_1.8/cis_1.8.4.yml
@@ -1,7 +1,7 @@
 {{ if .Vars.rhel9cis_gui }}
 {{ if .Vars.rhel9cis_rule_1_8_4 }}
 file:
- /etc/dconf/db/{ .Vars.rhel9cis_dconf_db_name }.d/00-screensaver:
+ /etc/dconf/db/{{ .Vars.rhel9cis_dconf_db_name }}.d/00-screensaver:
 title: 1.8.4 | Ensure GDM screen locks when the user is idle
 exists: true
 contents:
diff --git a/section_1/cis_1.8/cis_1.8.5.yml b/section_1/cis_1.8/cis_1.8.5.yml
index 9da5ac6..145dc47 100644
--- a/section_1/cis_1.8/cis_1.8.5.yml
+++ b/section_1/cis_1.8/cis_1.8.5.yml
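Review bot: The corrected path key now depends on `rhel9cis_dconf_db_name` being present in the goss vars; Go text/template renders a missing map key as the literal `<no value>` unless the renderer is built with `missingkey=error`, so an unset variable would surface here only as `/etc/dconf/db/<no value>.d/00-screensaver` not existing rather than as a configuration error. If goss does not fail on missing keys (its template options are not visible from this patch), a guard such as `{{ if .Vars.rhel9cis_dconf_db_name }}` around the check, or a comment above `file:` naming the required variable, would make the dependency explicit. The same point applies to the matching hunks in cis_1.8.5.yml, cis_1.8.6.yml, cis_1.8.7.yml, cis_1.8.8.yml and cis_1.8.9.yml; each `file:` block continues past the hunk at `contents:`.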
@@ -1,7 +1,7 @@
 {{ if .Vars.rhel9cis_gui }}
 {{ if .Vars.rhel9cis_rule_1_8_5 }}
 file:
- /etc/dconf/db/{ .Vars.rhel9cis_dconf_db_name }.d/locks/00-screensaver_lock:
+ /etc/dconf/db/{{ .Vars.rhel9cis_dconf_db_name }}.d/locks/00-screensaver_lock:
 title: 1.8.5 | Ensure GDM screen locks cannot be overridden
 exists: true
 contents:
diff --git a/section_1/cis_1.8/cis_1.8.6.yml b/section_1/cis_1.8/cis_1.8.6.yml
index 7fa96e9..76f4138 100644
--- a/section_1/cis_1.8/cis_1.8.6.yml
+++ b/section_1/cis_1.8/cis_1.8.6.yml
@@ -1,7 +1,7 @@
 {{ if .Vars.rhel9cis_gui }}
 {{ if .Vars.rhel9cis_rule_1_8_6 }}
 file:
- /etc/dconf/db/{ .Vars.rhel9cis_dconf_db_name }.d/00-media-automount:
+ /etc/dconf/db/{{ .Vars.rhel9cis_dconf_db_name }}.d/00-media-automount:
 title: 1.8.6 | Ensure GDM automatic mounting of removable media is disabled
 exists: true
 contents:
diff --git a/section_1/cis_1.8/cis_1.8.7.yml b/section_1/cis_1.8/cis_1.8.7.yml
index 5718238..ea5c6ca 100644
--- a/section_1/cis_1.8/cis_1.8.7.yml
+++ b/section_1/cis_1.8/cis_1.8.7.yml
@@ -1,7 +1,7 @@
 {{ if .Vars.rhel9cis_gui }}
 {{ if .Vars.rhel9cis_rule_1_8_7 }}
 file:
- /etc/dconf/db/{ .Vars.rhel9cis_dconf_db_name }.d/locks/00-automount_lock:
+ /etc/dconf/db/{{ .Vars.rhel9cis_dconf_db_name }}.d/locks/00-automount_lock:
 title: 1.8.7 | Ensure GDM disabling automatic mounting of removable media is not overridden
 exists: true
 contents:
diff --git a/section_1/cis_1.8/cis_1.8.8.yml b/section_1/cis_1.8/cis_1.8.8.yml
index b115077..d743657 100644
--- a/section_1/cis_1.8/cis_1.8.8.yml
+++ b/section_1/cis_1.8/cis_1.8.8.yml
@@ -1,7 +1,7 @@
 {{ if .Vars.rhel9cis_gui }}
 {{ if .Vars.rhel9cis_rule_1_8_8 }}
 file:
- /etc/dconf/db/{ .Vars.rhel9cis_dconf_db_name }.d/00-media-autorun:
+ /etc/dconf/db/{{ .Vars.rhel9cis_dconf_db_name }}.d/00-media-autorun:
 title: 1.8.8 | Ensure GDM autorun-never is enabled
 exists: true
 contents:
diff --git a/section_1/cis_1.8/cis_1.8.9.yml b/section_1/cis_1.8/cis_1.8.9.yml
index 489cfa7..4f726ae 100644
--- a/section_1/cis_1.8/cis_1.8.9.yml
+++ b/section_1/cis_1.8/cis_1.8.9.yml
@@ -1,7 +1,7 @@
 {{ if .Vars.rhel9cis_gui }}
 {{ if .Vars.rhel9cis_rule_1_8_9 }}
 file:
- /etc/dconf/db/{ .Vars.rhel9cis_dconf_db_name }.d/locks/00-autorun_lock:
+ /etc/dconf/db/{{ .Vars.rhel9cis_dconf_db_name }}.d/locks/00-autorun_lock:
 title: 1.8.9 | Ensure GDM autorun-never is not overridden
 exists: true
 contents:
From e0c9997aed4e7faad07c92fac442e3b258207394 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 30 Oct 2024 09:00:38 +0000
Subject: [PATCH 3/4] addressed #42 thanks to @levaillx
Signed-off-by: Mark Bolwell
---
 section_2/cis_2.2/cis_2.2.18.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/section_2/cis_2.2/cis_2.2.18.yml b/section_2/cis_2.2/cis_2.2.18.yml
index 23dad00..9b0244f 100644
--- a/section_2/cis_2.2/cis_2.2.18.yml
+++ b/section_2/cis_2.2/cis_2.2.18.yml
@@ -3,13 +3,13 @@
 {{ if not .Vars.rhel9cis_use_rsync_service }}
 package:
 rsync:
- title: 2.2.19 Ensure rsync is not installed or the rsyncd service is masked
+ title: 2.2.18 Ensure rsync is not installed or the rsyncd service is masked
 installed: false
 meta:
 server: 1
 workstation: 1
 CIS_ID:
- - 2.2.19
+ - 2.2.18
 CISv8:
 - 4.8
 CISv8_IG1: false
@@ -20,7 +20,7 @@ package:
 {{ if .Vars.rhel9cis_use_rsync_service }}
 command:
 rsyncd masked:
- title: 2.2.19 Ensure rsync is not installed or the rsyncd service is masked
+ title: 2.2.18 Ensure rsync is not installed or the rsyncd service is masked
 exit-status: 1
 exec: systemctl is-enabled rsyncd
 stdout:
@@ -29,7 +29,7 @@ command:
 server: 1
 workstation: 1
 CIS_ID:
- - 2.2.19
+ - 2.2.18
 CISv8:
 - 4.8
 CISv8_IG1: false
From e5e2aeb1b09b3c3ed9905a1e8c909ee11db84b76 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 30 Oct 2024 10:58:23 +0000
Subject: [PATCH 4/4] Issue #38 thanks to levaillx
Signed-off-by: Mark Bolwell
---
 section_1/cis_1.8/cis_1.8.2.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/section_1/cis_1.8/cis_1.8.2.yml b/section_1/cis_1.8/cis_1.8.2.yml
index ed63c0a..35c32a0 100644
--- a/section_1/cis_1.8/cis_1.8.2.yml
+++ b/section_1/cis_1.8/cis_1.8.2.yml
@@ -1,3 +1,5 @@
+---
+
 {{ if .Vars.rhel9cis_gui }}
 {{ if .Vars.rhel9cis_rule_1_8_2 }}
 command:
@@ -7,9 +9,8 @@ command:
 exit-status: 0
 stdout:
 - '/^user-db:user/'
- - '/^system-db:user/'
+ - '/^system-db:gdm/'
 - '/^file-db:\/usr\/share\/gdm\/greeter-dconf-defaults/'
- - "/^banner-message-text=\'{{ .Vars.rhel9cis_warning_banner }}\'/"
 meta:
 server: 1
 workstation: 1
@@ -28,9 +29,9 @@ command:
 - 0
 - 1
 stdout:
- - '/^banner-message-enable=true/'
- - '!/^banner-message-enable=false/'
- - "/^banner-message-text=\'{{ .Vars.rhel9cis_warning_banner }}\'/"
+ - '/.*:banner-message-enable=true/'
+ - '!/.*:banner-message-enable=false/'
+ - '/.*:banner-message-text=.{{ .Vars.rhel9cis_warning_banner }}./'
 meta:
 server: 1
 workstation: 1
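Review bot: The new `banner-message-text` expectation interpolates `rhel9cis_warning_banner` unescaped into a `/…/` regex and into a single-quoted YAML scalar, so a banner containing regex metacharacters such as `(`, `+`, `?`, `[` or `*` alters or breaks the pattern, and one containing `'` breaks the YAML before goss ever parses it; typical banner text gets away with `.` only because `.` also matches itself. The `.` wildcards that replaced the escaped quotes accept any character, not just a quote, which I take to be deliberate tolerance of either quoting style. Unless the variable is documented as regex- and quote-safe, consider a plain non-`/…/` entry (goss matches those as literal substrings, if I read its `stdout` matcher correctly) or at least a comment above the line such as `# rhel9cis_warning_banner is embedded unescaped in a regex; keep it free of regex metacharacters and single quotes`. The removed lines had the same unescaped interpolation, so this is inherited rather than introduced here, and the enclosing `command:` block extends beyond the hunk in both directions.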