Hello! Came across this issue… is this the right place to report it?
Following provisioning a system and running some hardening processes, my team noticed a “bad file” at `/etc/sysconfig/network-scripts/ifcfg-eno49?eno1?eno2?eno50?eno3?eno4`. The only reference I’ve found is in the ssg-centos7-ds.xml file:

```
if [ $nic_bound = false ];then
    # Add first NIC to SSH enabled zone
    if ! firewall-cmd --state -q; then
        <ns10:sub idref="xccdf_org.ssgproject.content_value_function_replace_or_append" use="legacy" />
        replace_or_append "/etc/sysconfig/network-scripts/ifcfg-${eth_interface_list[0]}" '^ZONE=' "$firewalld_sshd_zone" 'CCE-80447-6' '%s=%s'
    else
        # If firewalld service is running, we need to do this step with firewall-cmd
        # Otherwise firewalld will comunicate with NetworkManage and will revert assigned zone
        # of NetworkManager managed interfaces upon reload
        firewall-cmd --zone=$firewalld_sshd_zone --add-interface=${eth_interface_list[0]}
        firewall-cmd --reload
    fi
fi
```

It appears that `eth_interface_list` is defined via the following in the same file:

```
eth_interface_list=$(ip link show up | cut -d' ' -f2 | cut -d':' -s -f1 | grep -E '^(en|eth)')
```

and then used as `${eth_interface_list[0]}`, which gets all active interfaces separated by newlines versus the intended… just the first active interface. This should be accomplished by adding another set of parentheses:

```
eth_interface_list=($(ip link show up | cut -d' ' -f2 | cut -d':' -s -f1 | grep -E '^(en|eth)'))
```

then it should work as intended.

Sincerely,
Nick
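The scalar-versus-array behaviour reported above, reproduced offline as an added example (not part of the original message or of the SSG content). `sample_ip_link`, its interface data and the function names are constructed for illustration; the pipeline is the one quoted in the message.

```bash
#!/usr/bin/env bash
# Constructed stand-in for `ip link show up` output (not from a real host).
sample_ip_link() {
cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT
    link/ether 00:00:5e:00:53:02 brd ff:ff:ff:ff:ff:ff
EOF
}

# Same filter pipeline as the remediation, fed from the sample instead of `ip`.
list_interfaces() {
    sample_ip_link | cut -d' ' -f2 | cut -d':' -s -f1 | grep -E '^(en|eth)'
}

# As shipped: a plain string. In bash, ${var[0]} on a scalar is the whole
# string, so every interface name (newline-separated) ends up in the path.
ifcfg_path_scalar() {
    local eth_interface_list
    eth_interface_list=$(list_interfaces)
    printf '%s' "/etc/sysconfig/network-scripts/ifcfg-${eth_interface_list[0]}"
}

# As proposed: the extra parentheses make an array, one interface per element.
ifcfg_path_array() {
    local -a eth_interface_list
    eth_interface_list=($(list_interfaces))
    printf '%s' "/etc/sysconfig/network-scripts/ifcfg-${eth_interface_list[0]}"
}

# %q makes the embedded newline visible instead of breaking the line.
printf 'scalar: %q\n' "$(ifcfg_path_scalar)"
printf 'array:  %q\n' "$(ifcfg_path_array)"
```

When `ls` writes to a terminal it can display non-printable characters such as newlines as `?`, which matches the file name reported in the message.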