From 9a9cdb6ecf185b7298fbc66bfbd6c500a5dc6a97 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 13 Sep 2024 11:00:34 +0100
Subject: [PATCH 1/3] Thanks to @draygoX #407

Signed-off-by: Mark Bolwell
---
 tasks/section_4/cis_4.4.3.4.x.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tasks/section_4/cis_4.4.3.4.x.yml b/tasks/section_4/cis_4.4.3.4.x.yml
index f6c1be0a..9c5cecf7 100644
--- a/tasks/section_4/cis_4.4.3.4.x.yml
+++ b/tasks/section_4/cis_4.4.3.4.x.yml
@@ -63,7 +63,7 @@
 ansible.builtin.replace:
 path: "/etc/pam.d/{{ item }}-auth"
 regexp: ^(\s*password\s+(requisite|required|sufficient)\s+pam_unix\.so)(.*)remember\s*=\s*\d+(.*$)
- replace: \1\2\3
+ replace: \1\3\4
 loop:
 - password
 - system
@@ -78,7 +78,7 @@
 ansible.builtin.replace:
 path: "/etc/authselect/custom/{{ rhel8cis_authselect_custom_profile_name }}/{{ item }}-auth"
 regexp: ^(\s*password\s+(requisite|required|sufficient)\s+pam_unix\.so)(.*)remember\s*=\s*\d+(.*$)
- replace: \1\2\3
+ replace: \1\3\4
 loop:
 - password
 - system
@@ -108,7 +108,7 @@
 ansible.builtin.replace:
 path: "/etc/pam.d/{{ item }}-auth"
 regexp: ^(\s*password\s+(requisite|required|sufficient)\s+pam_unix\.so)(.*)(sha512|yescrypt)(.*$)
- replace: \1\2\4 {{ rhel8cis_pam_pwhash }}
+ replace: \1\3\5 {{ rhel8cis_pam_pwhash }}
 loop:
 - password
 - system
@@ -123,7 +123,7 @@
 ansible.builtin.replace:
 path: "/etc/authselect/custom/{{ rhel8cis_authselect_custom_profile_name }}/{{ item }}-auth"
 regexp: ^(\s*password\s+(requisite|required|sufficient)\s+pam_unix\.so)(.*)(sha512|yescrypt)\s*=\s*\d+(.*$)
- replace: \1\2\4 {{ rhel8cis_pam_pwhash }}
+ replace: \1\3\5 {{ rhel8cis_pam_pwhash }}
 loop:
 - password
 - system

From f9d58c7351130ea2ab8df51469f1f58b5c3db51f Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Mon, 16 Sep 2024 08:59:06 +0100
Subject: [PATCH 2/3] fix typo

Signed-off-by: Mark Bolwell
---
 tasks/prelim.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
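Review bot: The corrected `replace: \1\3\4` depends on group \2 being the control keyword nested inside \1, which is exactly what made the previous `\1\2\3` duplicate the keyword and drop the tail of the line; a comment above `regexp:` documenting the numbering would keep it from regressing, e.g. `# groups: \1 = "password <control> pam_unix.so" (\2 is the nested control word), \3 = options before remember=, \4 = rest of the line`. The same applies to the authselect-profile hunk at -78. A smaller point: because `(.*)` in \3 is greedy it keeps the space that preceded `remember=`, so a line that ended in `remember=5` is rewritten with a trailing space — presumably harmless to PAM, and `(.*?)\s*remember` in the regexp would avoid it. The task's `- name:` and `when:` keys sit above the hunk.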
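Review bot: `replace: \1\3\5 {{ rhel8cis_pam_pwhash }}` in the -108 hunk is not idempotent: the greedy `(.*)` in \3 retains the whitespace that preceded the old hash option and the replacement appends a further space plus the hash at the end, so each run against an already-compliant line adds one more space before the hash and the task reports changed every time. Unless moving the option to the end of the line was deliberate, re-inserting the hash where it was avoids this: `replace: \1\3{{ rhel8cis_pam_pwhash }}\5` — when the line already carries the desired hash the result equals the input and `ansible.builtin.replace` leaves the file untouched. The -123 hunk has the same shape; note also that its `regexp` additionally requires `\s*=\s*\d+` after the hash name, which a bare `sha512`/`yescrypt` option (the form the -108 regexp matches) would not satisfy, so it is worth confirming that difference between the pam.d and authselect variants is intended.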
diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index ce6962ff..56d4d49e 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -291,7 +291,7 @@
 - rhel8cis_rule_6_2_8
 tags:
 - always
- ansible.builtin.shell: "cat /etc/passwd | awk -F: '($3 == 0 && $1 != \"root\") {i++;print $1 } END {exit i}'"
+ ansible.builtin.shell: "cat /etc/passwd | awk -F: '($3 == 0 && $1 != \"root\") {i++;print $1 } END {exit 1}'"
 changed_when: false
 check_mode: false
 register: discovered_uid_zero_accounts_except_root

From 9b76c39cda7249387c6e6c45892282c8d9e8ca7d Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Mon, 16 Sep 2024 11:11:13 +0100
Subject: [PATCH 3/3] Updated logixc for uid zero 6.2.9

Signed-off-by: Mark Bolwell
---
 tasks/prelim.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index 56d4d49e..df3b5e64 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -288,10 +288,11 @@
 - name: "PRELIM | AUDIT | Gather UID 0 accounts other than root"
 when:
- - rhel8cis_rule_6_2_8
+ - rhel8cis_rule_6_2_9
 tags:
 - always
 ansible.builtin.shell: "cat /etc/passwd | awk -F: '($3 == 0 && $1 != \"root\") {i++;print $1 } END {exit 1}'"
+ failed_when: discovered_uid_zero_accounts_except_root.rc not in [ 0, 1 ]
 changed_when: false
 check_mode: false
 register: discovered_uid_zero_accounts_except_root
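Review bot: Replacing `exit i` with `exit 1` changes what the task reports rather than fixing a typo: in awk an unset `i` makes `exit i` return 0 when no UID-0 account other than root was found and the count otherwise, so the registered `rc` carried the finding, whereas after this change `rc` is 1 on every host regardless of what `/etc/passwd` contains. Any consumer of `discovered_uid_zero_accounts_except_root.rc` can no longer tell the two cases apart; the consumers are outside this hunk, so I cannot confirm whether `rc` or `stdout_lines` is what the 6.2.x rule reads. If the finding is meant to come from `stdout_lines`, drop the exit clause entirely so the command returns 0 on success and a non-zero `rc` again signals a real error, e.g. `ansible.builtin.shell: "awk -F: '($3 == 0 && $1 != \"root\") {print $1}' /etc/passwd"`; otherwise keep `exit i`. The task's `- name:` line is above the hunk.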
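Review bot: The new `failed_when: discovered_uid_zero_accounts_except_root.rc not in [ 0, 1 ]` is tuned to the unconditional `exit 1` in the shell line just above it, so it accepts the only value that command can now produce and the guard is effectively `failed_when: false` with extra steps; should the awk ever go back to exiting with the account count, a host with two or more extra UID-0 accounts would return 2 and fail this gather task instead of being reported by rule 6.2.9. Letting the command exit 0 on success (no `END {exit ...}` clause) makes Ansible's default failure handling sufficient and the `failed_when` line can be removed. As a style point, yamllint's default `brackets` rule expects the flow list written as `[0, 1]` without inner padding. The `when:` change to `rhel8cis_rule_6_2_9` is consistent with the task's name.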