Audit issue on the CIS recommendation 5.3.3 #36

@Rafouf69

Describe the Issue

The audit test for the CIS recommendation 5.3.3 passes successfully while I do not have any logfile configured.

            "successful": true,
            "summary-line": "Command: log_sudoers_d: stdout: matches expectation: [\"/[1:99]/\"]",
            "summary-line-compact": "Command: log_sudoers_d: stdout: matches expectation: [\"/[1:99]/\"]",

I tried to manually launch the test as shown below. It seems that the regex rule is wrong since it's grepping the ASCII character :.

    $ sudo grep -Ec '^Defaults logfile=/var/log/*.log' /etc/sudoers /etc/sudoers.d/.*/ | egrep "[1:99]"
    /etc/sudoers:0
    /etc/sudoers.d/../:0
    /etc/sudoers.d/./:0
    grep: /etc/sudoers.d/../: Is a directory
    grep: /etc/sudoers.d/./: Is a directory

Expected Behavior
Failing test.

Actual Behavior
The test is marked as successful since it's grepping :.

Control(s) Affected
CIS 5.3.3

Environment (please complete the following information):

branch being used: devel
Ansible Version: 2.14.11
Host Python Version: 3.10.12
Ansible Server Python Version: 3.10.12

Possible Solution

Modify the regex rule in line 10 of the test from:

    - '/[1:99]/'

to

    - '/[1-99]/'

Labels: bug
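
The behaviour reported in this issue, as an added example that is not part of the original issue or the project's test: it feeds constructed `grep -c` output through the current expression, the proposed one, and a check anchored on the count field. The file name `90-example` and the anchored pattern `:[1-9][0-9]*$` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: how each bracket expression treats `grep -c` output.
# Sample lines are constructed; 90-example is a hypothetical file name.

# No file contains a logfile directive: every count is 0.
sample_no_logfile() {
    printf '%s\n' \
        '/etc/sudoers:0' \
        '/etc/sudoers.d/./:0' \
        '/etc/sudoers.d/90-example:0'
}

# One file contains the directive: its count is 1.
sample_with_logfile() {
    printf '%s\n' \
        '/etc/sudoers:1' \
        '/etc/sudoers.d/90-example:0'
}

# count_matches PATTERN: print how many stdin lines match the ERE PATTERN.
# grep -c exits 1 when the count is 0, so the status is ignored.
count_matches() {
    LC_ALL=C grep -Ec -- "$1" || true
}

# [1:99]  is the set {1, :, 9}: the path/count separator always matches.
# [1-99]  is the range 1-9 plus 9: a digit in a file name can match.
# :[1-9][0-9]*$ (assumption, not the project's fix) checks only the count.
report() {
    for pattern in '[1:99]' '[1-99]' ':[1-9][0-9]*$'; do
        printf '%-16s no logfile: %s  with logfile: %s\n' "$pattern" \
            "$(sample_no_logfile | count_matches "$pattern")" \
            "$(sample_with_logfile | count_matches "$pattern")"
    done
}

report
```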

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions