Bad `separator_regex` value for validation of Postfix's `smtpd_client_restrictions` configuration-item.

Open ferricoxide opened this issue 4 months ago • 1 comments

Description of problem:

The scan-regex for the Postfix smtpd_client_restrictions is too fragile.

SCAP Security Guide Version:

0.1.77

Operating System Version:

EL 9.6

  • Red Hat
  • Oracle
  • Rocky
  • Alma

Steps to Reproduce:

  1. Launch a fresh, EL9-based system
  2. Update /etc/postfix/main.cf file's smtpd_client_restrictions parameter to a suitable value
  3. Install oscap contents
  4. Execute `oscap xccdf eval --remediate --profile xccdf_org.ssgproject.<PROFILE> <DS_XML_PATH>`
  5. View scan results

Actual Results:

Find that oscap is still reporting an insecure configuration

Expected Results:

Find that oscap is reporting a secured configuration

Fix Recommendation:

Update the separator_regex value (presumably in the linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/oval/shared.xml file?), changing from ' = ' to something like '\s*=\s*'.

ferricoxide avatar Sep 12 '25 13:09 ferricoxide
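
The separator fragility reported above, shown as an added example that is not part of the original issue or of the SCAP Security Guide content: it runs the current and the proposed `separator_regex` over several spellings of the same setting that Postfix treats as equivalent. Only the two separator values come from the issue; the value pattern, the way the check is assembled, and the sample `main.cf` fragments are assumptions constructed for illustration.

```python
import re

PARAM = "smtpd_client_restrictions"
# Assumption: the issue only says "a suitable value"; this one is illustrative.
VALUE_REGEX = r"permit_mynetworks,[ \t]*reject"

STRICT_SEP = " = "       # separator_regex the issue reports as too fragile
LOOSE_SEP = r"\s*=\s*"   # separator_regex the issue proposes

# Constructed main.cf fragments (not taken from a real system).
SAMPLES = {
    "canonical": "smtpd_client_restrictions = permit_mynetworks,reject\n",
    "no_spaces": "smtpd_client_restrictions=permit_mynetworks,reject\n",
    "tab_aligned": "smtpd_client_restrictions\t= permit_mynetworks,reject\n",
    "extra_spaces": "smtpd_client_restrictions   =   permit_mynetworks,reject\n",
    # Postfix joins a line that starts with whitespace onto the previous one.
    "continuation": "smtpd_client_restrictions =\n    permit_mynetworks,reject\n",
    "commented_out": "#smtpd_client_restrictions = permit_mynetworks,reject\n",
    "wrong_value": "smtpd_client_restrictions = permit\n",
}


def build_check(separator_regex):
    """Hypothetical assembly of a line-anchored <param><separator><value> check."""
    return re.compile(
        "^" + re.escape(PARAM) + separator_regex + VALUE_REGEX + r"[ \t]*$",
        re.MULTILINE,
    )


def is_compliant(main_cf_text, separator_regex):
    """True when the configuration text satisfies the assembled check."""
    return build_check(separator_regex).search(main_cf_text) is not None


def compare():
    """Map each sample name to (strict_result, loose_result)."""
    return {
        name: (is_compliant(text, STRICT_SEP), is_compliant(text, LOOSE_SEP))
        for name, text in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (strict, loose) in compare().items():
        print(f"{name:14} ' = ': {strict!s:5}  '\\s*=\\s*': {loose}")
```

With the strict separator, only the single-space spelling passes, so correctly configured hosts are reported as failing; the loosened separator accepts every equivalent spelling while still rejecting the commented-out and wrong-value lines.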

Note:

It looks like it's already fixed in the finding-related Ansible fix-content, just not the OVAL (scan) content.

ferricoxide avatar Sep 12 '25 13:09 ferricoxide