Stabilizing ASB v2's auditEnsureRemoteLoginWarningBannerIsConfigured and remediateEnsureRemoteLoginWarningBannerIsConfigured (#728)

2024-06-19 16:03:03 -07:00 · 2024-06-19 16:03:03 -07:00 · cd68ccb502
--- a/src/common/asb/Asb.c
+++ b/src/common/asb/Asb.c
@ -1331,10 +1331,18 @@ static char* AuditEnsureCronServiceIsEnabled(void* log)
 static char* AuditEnsureRemoteLoginWarningBannerIsConfigured(void* log)
 {
    char* reason = NULL;
-    RETURN_REASON_IF_NOT_ZERO(CheckTextIsNotFoundInFile(g_etcIssueNet, "\\m", &reason, log));
-    RETURN_REASON_IF_NOT_ZERO(CheckTextIsNotFoundInFile(g_etcIssueNet, "\\r", &reason, log));
-    RETURN_REASON_IF_NOT_ZERO(CheckTextIsNotFoundInFile(g_etcIssueNet, "\\s", &reason, log));
-    CheckTextIsNotFoundInFile(g_etcIssueNet, "\\v", &reason, log);
+    if (0 == CheckFileExists(g_etcIssueNet, &reason, log))
+    {
+        RETURN_REASON_IF_NOT_ZERO(CheckTextIsNotFoundInFile(g_etcIssueNet, "\\m", &reason, log));
+        RETURN_REASON_IF_NOT_ZERO(CheckTextIsNotFoundInFile(g_etcIssueNet, "\\r", &reason, log));
+        RETURN_REASON_IF_NOT_ZERO(CheckTextIsNotFoundInFile(g_etcIssueNet, "\\s", &reason, log));
+        CheckTextIsNotFoundInFile(g_etcIssueNet, "\\v", &reason, log);
+    }
+    else if (IsCurrentOs(PRETTY_NAME_SLES_15, log))
+    {
+        FREE_MEMORY(reason);
+        reason = FormatAllocateString("%s'%s' does not exist in '%s'", g_pass, g_etcIssueNet, PRETTY_NAME_SLES_15);
+    }
    return reason;
 }

@ -2639,17 +2647,29 @@ static int RemediateEnsureCronServiceIsEnabled(char* value, void* log)

 static int RemediateEnsureAuditdServiceIsRunning(char* value, void* log)
 {
-    int status = ENOENT;
+    int status = ENOENT, i = 0;
    UNUSED(value);
-    if (((0 == InstallPackage(g_audit, log)) || (0 == InstallPackage(g_auditd, log)) ||
-        (0 == InstallPackage(g_auditLibs, log)) || (0 == InstallPackage(g_auditLibsDevel, log))))
+    if (((0 == InstallPackage(g_audit, log)) || (0 == InstallPackage(g_auditd, log)) || 
+        (0 == InstallPackage(g_auditLibs, log)) || (0 == InstallPackage(g_auditLibsDevel, log))) && EnableDaemon(g_auditd, log))
    { 
-        if (false == EnableAndStartDaemon(g_auditd, log))
+        if (StartDaemon(g_auditd, log))
+        {
+            status = 0;
+        }
+        else
        {
            ExecuteCommand(NULL, "restorecon -r -v /var/log/audit", false, false, 0, 0, NULL, NULL, log);
-            StartDaemon(g_auditd, log);
+            for (i = 0; i < 10; i++)
+            {
+                sleep(1);
+                StartDaemon(g_auditd, log);
+                if (CheckDaemonActive(g_auditd, NULL, log))
+                {
+                    status = 0;
+                    break;
+                }
+            }
        }
-        status = CheckDaemonActive(g_auditd, NULL, log) ? 0 : ENOENT;
    }
    return status;
 }
@ -2915,8 +2935,13 @@ static int RemediateEnsureRemoteLoginWarningBannerIsConfigured(char* value, void
 {
    const char* escapes = "mrsv";
    unsigned int numEscapes = 4;
+    int status = 0;
    UNUSED(value);
-    return RemoveEscapeSequencesFromFile(g_etcIssueNet, escapes, numEscapes, ' ', log);
+    if (0 == CheckFileExists(g_etcIssueNet, NULL, log))
+    {
+        status = RemoveEscapeSequencesFromFile(g_etcIssueNet, escapes, numEscapes, ' ', log);
+    }
+    return status;
 }

 static int RemediateEnsureLocalLoginWarningBannerIsConfigured(char* value, void* log)
--- a/src/common/commonutils/PackageUtils.c
+++ b/src/common/commonutils/PackageUtils.c
@ -26,7 +26,7 @@ int IsPresent(const char* what, void* log)
    {
        if (0 == (status = ExecuteCommand(NULL, command, false, false, 0, 0, NULL, NULL, log)))
        {
-            OsConfigLogInfo(log, "IsPresent: '%s' is locally installed", what);
+            OsConfigLogInfo(log, "'%s' is locally present", what);
        }
    }
    else
@ -59,7 +59,7 @@ static int CheckOrInstallPackage(const char* commandTemplate, const char* packag

    if (0 != (status = ExecuteCommand(NULL, command, false, false, 0, 0, NULL, NULL, log)))
    {
-        OsConfigLogError(log, "CheckOrInstallPackage: '%s' failed with %d (errno: %d)", command, status, errno);
+        OsConfigLogError(log, "'%s' failed with %d (errno: %d)", command, status, errno);
    }

    FREE_MEMORY(command);
--- a/src/modules/test/main.c
+++ b/src/modules/test/main.c
@ -391,7 +391,6 @@ int RunTestStep(const TEST_STEP* test, const MANAGEMENT_MODULE* module)
        // Following are temporarily disabled and they will be re-enabled and fixed one by one for all target distros
        "auditEnsurePermissionsOnEtcPasswdDash",
        "auditEnsureSyslogRotaterServiceIsEnabled",
-        "auditEnsureRemoteLoginWarningBannerIsConfigured",
        "auditEnsureZeroconfNetworkingIsDisabled"
    };
    int numSkippedAudits = ARRAY_SIZE(skippedAudits);
@ -399,7 +398,6 @@ int RunTestStep(const TEST_STEP* test, const MANAGEMENT_MODULE* module)
    const char* skippedRemediations[] = {
        // Following are temporarily disabled and they will be re-enabled and fixed one by one for all target distros
        "remediateEnsureSyslogRotaterServiceIsEnabled",
-        "remediateEnsureRemoteLoginWarningBannerIsConfigured",
        "remediateEnsureZeroconfNetworkingIsDisabled"
    };
    int numSkippedRemediations = ARRAY_SIZE(skippedRemediations);