From 19b3ad1dd20295da6b07e1ebb62fbe34e5fb9099 Mon Sep 17 00:00:00 2001
From: Daniel Linder
Date: Wed, 11 Dec 2024 21:28:34 -0600
Subject: [PATCH 1/2] Simplify regex to handle comments properly. This closes the issue in #316. Update regex for RHEL-08-010830 so the basic comment line will not affect the final result.
Signed-off-by: Daniel Linder
---
 tasks/fix-cat2.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/fix-cat2.yml b/tasks/fix-cat2.yml
index dae1b90..5553a15 100644
--- a/tasks/fix-cat2.yml
+++ b/tasks/fix-cat2.yml
@@ -2723,7 +2723,7 @@
 - name: "MEDIUM | RHEL-08-010830 | PATCH | RHEL 8 must not allow users to override SSH environment variables."
 ansible.builtin.lineinfile:
 path: /etc/ssh/sshd_config
- regexp: '(?i)^#?PermitUserEnvironment'
+ regexp: '(?i)^PermitUserEnvironment'
 line: 'PermitUserEnvironment no'
 validate: '/usr/sbin/sshd -T -f %s'
 notify: restart sshd
From 49df57f98ff86ae889b6bcd963d94655f496f82e Mon Sep 17 00:00:00 2001
From: Daniel Linder
Date: Wed, 11 Dec 2024 22:07:43 -0600
Subject: [PATCH 2/2] Handle leading whitespace
---
 tasks/fix-cat2.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/fix-cat2.yml b/tasks/fix-cat2.yml
index 5553a15..cb75e87 100644
--- a/tasks/fix-cat2.yml
+++ b/tasks/fix-cat2.yml
@@ -2723,7 +2723,7 @@
 - name: "MEDIUM | RHEL-08-010830 | PATCH | RHEL 8 must not allow users to override SSH environment variables."
 ansible.builtin.lineinfile:
 path: /etc/ssh/sshd_config
- regexp: '(?i)^PermitUserEnvironment'
+ regexp: '(?i)^\s*PermitUserEnvironment'
 line: 'PermitUserEnvironment no'
 validate: '/usr/sbin/sshd -T -f %s'
 notify: restart sshd
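Review bot: Once `#?` is gone from `regexp` in the [PATCH 1/2] hunk (and still with `^\s*` in [PATCH 2/2]), a config that carries the keyword only as a comment has no matching line, and `lineinfile` then appends `line` at end of file by default. When sshd_config ends with a `Match` block, the appended `PermitUserEnvironment no` lands inside that block, where it is either scoped to the match or rejected by the `validate` step, depending on whether sshd accepts the keyword there. Adding `insertbefore: '(?i)^\s*Match\s'` with `firstmatch: true` would place a new line ahead of the first `Match` block and still fall back to end of file when there is none. The task may continue past the last visible line of the hunk.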
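Review bot: Duplicate active directives are not handled by the `regexp: '(?i)^\s*PermitUserEnvironment'` line in [PATCH 2/2]: `lineinfile` rewrites only the last matching line, while sshd uses the first value it obtains for a keyword. An earlier `PermitUserEnvironment yes` would therefore stay in effect while the task reports the file as compliant, and `validate: '/usr/sbin/sshd -T -f %s'` only confirms that the candidate file parses. A follow-up task that runs `sshd -T` and asserts the output contains `permituserenvironment no` would verify the effective setting for RHEL-08-010830 rather than the presence of the line.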