
RHEL 9 Goss config

Overview

Based on the CIS RHEL 9 Benchmark v1.0.0.

Audit a system's current state with a single lightweight binary.

The goss binary is:

  • very small (about 11 MB)
  • lightweight
  • self-contained

It works using a set of configuration files and directories to audit RHEL 9 servers against the CIS benchmark. These files and directories correlate to the CIS section and rule ID.

Tested on

  • RHEL9
  • Rocky9
  • AlmaLinux 9
  • Oraclelinux 9

Requirements

You must have goss available on the host you want to test.

You must have sudo/root access to the system, as some checks read privileged information.

Assuming you have already cloned this repository, you can run goss from wherever you wish.

Please refer to the audit documentation for usage.

This also works alongside the Ansible Lockdown RHEL9-CIS role, which will:

  • install
  • audit (before remediation)
  • remediate
  • audit (after remediation)

Join us

Join us on our Discord server to ask questions, discuss features, or just chat with other Ansible-Lockdown users.

The repository is a set of configuration files and directories that run the CIS checks for RHEL 9 servers.

The checks are organised as a directory structure, one directory per CIS section.

Goss is run from the goss.yml file in the top-level directory, which specifies the configuration and references the per-section check files.

Contributors

georgenalen, mj84, uk-bolly


Issues

Duplicate key detected: 'package: vsftp'.

Describe the Issue
Manually running Audit on freshly built RHEL 9.4 system generates warning message

[root@rhel94-test02 ~]# /opt/RHEL9-CIS-Audit/run_audit.sh

## Pre-Checks Start

OK - Audit binary /usr/local/bin/goss is available
OK - Goss is installed and version is ok (0.4.7 >= 0.4.4)
OK - /opt/RHEL9-CIS-Audit/goss.yml is available

## Pre-checks Successful

#############
Audit Started
#############

2024-06-01T23:42:43Z [WARN] Duplicate key detected: 'package: vsftp'. The value from a later-loaded goss file has overwritten the previous value.
    "summary": {
        "failed-count": 90,
        "skipped-count": 12,
        "summary-line": "Count: 639, Failed: 90, Skipped: 12, Duration: 35.228s",
        "test-count": 639,
Completed file can be found at /opt/audit_rhel94-test02-CIS-RHEL9_1717285363.json
###############
Audit Completed
###############

Expected Behavior
No warnings generated

Actual Behavior
The files section_2/cis_2.3/cis_2.3.1_4.yml and section_2/cis_2.2/cis_2.2.6.yml contain a duplicate key vsftp


Environment (please complete the following information):

  • branch being used: devel

Possible Solution
sed -i 's/vsftp/ftp/' section_2/cis_2.2/cis_2.2.6.yml

5.6.1.3 regex typos

Rule https://github.com/ansible-lockdown/RHEL9-CIS-Audit/blob/devel/section_5/cis_5.6/cis_5.6.1.3.yml

first check
title: 5.6.1.3 | Ensure password expiration warning days is 7 or more, may give a false alarm if PASS_WARN_AGE has more than 2 digits.

I would suggest replacing line 9
- '!/^PASS_WARN_AGE\s*[1-6]/'
with
- '!/^PASS_WARN_AGE\s*[1-6]$/'

second check in the same rule
title: 5.6.1.3 | Ensure password expiration warning days is 7 or more | check_users, I would say it's a typo: line 24 has one extra ] and on line 25 a [ is missing:

- '/^.*:([7-9]|[1-9][0-9]{1,}])$/'
- '!/^.*:1-6]$/'

replace with

- '/^.*:([7-9]|[1-9][0-9]{1,})$/'
- '!/^.*:[1-6]$/'
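The two regex defects reported above can be replayed against constructed input to see which way each one fails. This is an added example, not code from the RHEL9-CIS-Audit project or from the issue reporter. The login.defs lines and the user:warn-days lines are constructed; the patterns are the ones quoted in the issue, evaluated with Python's re module one line at a time. The rule evaluation at the end is a simplified model of a goss matcher (a '/regex/' entry must match some line, a '!/regex/' entry must match no line); that model is an assumption made here, not a statement of goss internals.

```python
"""Replay the 5.6.1.3 regex problems from the issue against sample data.

Added example, not part of RHEL9-CIS-Audit. Sample input is constructed.
"""
import re

# Constructed sample input: lines as they would appear in /etc/login.defs,
# and 'user:warn_days' pairs (shadow field 6) as seen by the check_users test.
LOGIN_DEFS = ["PASS_WARN_AGE\t14", "PASS_WARN_AGE 7", "PASS_WARN_AGE 5"]
USER_WARN_DAYS = ["alice:14", "bob:7", "carol:5", "root:99"]

# Patterns as quoted in the issue (ORIG_*) and as corrected (FIXED_*).
ORIG_WARN_TOO_LOW = r"^PASS_WARN_AGE\s*[1-6]"    # unanchored: '14' matches on its '1'
FIXED_WARN_TOO_LOW = r"^PASS_WARN_AGE\s*[1-6]$"
ORIG_USER_OK = r"^.*:([7-9]|[1-9][0-9]{1,}])$"   # stray ']' is a literal, so 2+ digit values never match
FIXED_USER_OK = r"^.*:([7-9]|[1-9][0-9]{1,})$"
ORIG_USER_TOO_LOW = r"^.*:1-6]$"                 # missing '[': only the literal text '1-6]' would match
FIXED_USER_TOO_LOW = r"^.*:[1-6]$"


def matching_lines(pattern, lines):
    """Lines the regex matches, searching one line at a time."""
    return [line for line in lines if re.search(pattern, line)]


def evaluate(positive, negative, lines):
    """Simplified model of the goss check (assumption made here): the check
    passes when the positive pattern matches at least one line and the
    negated pattern matches no line."""
    return bool(matching_lines(positive, lines)) and not matching_lines(negative, lines)


if __name__ == "__main__":
    # A compliant PASS_WARN_AGE of 14 is flagged by the unanchored pattern.
    print("orig  flags:", matching_lines(ORIG_WARN_TOO_LOW, LOGIN_DEFS))
    print("fixed flags:", matching_lines(FIXED_WARN_TOO_LOW, LOGIN_DEFS))
    # A non-compliant user (carol:5) passes under the mistyped patterns.
    print("orig  check_users passes:", evaluate(ORIG_USER_OK, ORIG_USER_TOO_LOW, USER_WARN_DAYS))
    print("fixed check_users passes:", evaluate(FIXED_USER_OK, FIXED_USER_TOO_LOW, USER_WARN_DAYS))
```

The two defects fail in opposite directions: the unanchored PASS_WARN_AGE pattern produces a false failure on a compliant value of 14, while the bracket typos in check_users make the negated pattern unmatchable, so a user with a 5-day warning is never reported. Note that even the anchored `[1-6]$` does not catch a value of 0, which is also below the 7-day minimum.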

run_audit setup finds ORACLE and not RHEL

Describe the Issue
On Oracle 9U2 (at least), running the RHEL9-CIS-AUDIT extracts os_vendor from hostnamectl, which returns ORACLE and not RHEL.
Thus when one sets AUDIT_CONTENT_LOCATION, rather than RHEL9 being inserted, ORACLE9 is instead. If one has cloned the repository, it will be /path/RHEL9-CIS-AUDIT, and not /path/ORACLE9-CIS-AUDIT

Expected Behavior
Neither /etc/os-release nor hostnamectl contains any reference to RHEL. At this time, there should be a mapping to identify Oracle as RHEL; as for the future, who knows. If one maps ORACLE to RHEL, then it will function as intended.

Actual Behavior
The following shows how the run_audit script identifies the OS family

++ hostnamectl
++ cut -d : -f2
++ grep Oper
++ awk '{print $1}'
++ tr a-z A-Z
+ os_vendor=ORACLE
++ awk '-F"' '{print $2}'
++ cut -d . -f1
++ grep -w VERSION_ID= /etc/os-release
+ os_maj_ver=9
+ audit_content_version=ORACLE9-CIS-Audit
+ audit_content_dir=/home/opc/ORACLE9-CIS-Audit

Control(s) Affected
What controls are being affected by the issue

Environment (please complete the following information):

  • branch being used: devel
  • Ansible Version: 2.15.2
  • Host Python Version: Python 3.11.12
  • Ansible Server Python Version: Python 3.9.16
  • Additional Details:


Possible Solution
In run_audit, have an associative array mapping ORACLE -> RHEL (only as it eliminates having a conditional)
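One way to derive the content directory name with an explicit vendor mapping, as the issue above proposes for ORACLE -> RHEL. This is an added example, not the project's run_audit.sh and not the reporter's code. Instead of scraping the "Operating System" line of hostnamectl, it reads the ID and VERSION_ID fields of /etc/os-release; which vendor IDs should map onto the RHEL content family is an assumption made here (the table covers the distributions in the README's "Tested on" list), the sample os-release texts are constructed, and a host outside the table is rejected rather than turned into a directory name that does not exist.

```python
"""Derive the audit content directory name from /etc/os-release.

Added example, not part of RHEL9-CIS-Audit. Vendor table and samples are
assumptions/constructed.
"""
from pathlib import Path

# Lower-case ID= value from /etc/os-release -> audit content family.
# Assumption: these are the vendors whose content lives under RHEL9-CIS-Audit.
VENDOR_TO_FAMILY = {
    "rhel": "RHEL",
    "ol": "RHEL",          # Oracle Linux reports ID="ol", not "rhel"
    "rocky": "RHEL",
    "almalinux": "RHEL",
    "centos": "RHEL",
}


def parse_os_release(text):
    """Parse KEY=value lines; values may be wrapped in single or double quotes."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip().strip('"').strip("'")
    return fields


def audit_content_version(os_release_text, benchmark="CIS", supported_major="9"):
    """Return e.g. 'RHEL9-CIS-Audit'; raise ValueError for an unknown vendor
    or a major version this content does not cover (fail closed)."""
    fields = parse_os_release(os_release_text)
    vendor = fields.get("ID", "").lower()
    family = VENDOR_TO_FAMILY.get(vendor)
    if family is None:
        raise ValueError(f"unsupported OS ID {vendor!r}")
    major = fields.get("VERSION_ID", "").split(".")[0]
    if major != supported_major:
        raise ValueError(f"unsupported major version {major!r}")
    return f"{family}{major}-{benchmark}-Audit"


def audit_content_dir(base, os_release_text):
    """Directory the audit content is expected under, e.g. /home/opc/RHEL9-CIS-Audit."""
    return Path(base) / audit_content_version(os_release_text)


def is_supported(os_release_text):
    """True when audit_content_version() accepts the host."""
    try:
        audit_content_version(os_release_text)
        return True
    except ValueError:
        return False


# Constructed sample os-release contents, trimmed to the fields the lookup uses.
ORACLE_9_2 = 'NAME="Oracle Linux Server"\nVERSION="9.2"\nID="ol"\nVERSION_ID="9.2"\nPRETTY_NAME="Oracle Linux Server 9.2"\n'
ROCKY_9_3 = 'NAME="Rocky Linux"\nID="rocky"\nVERSION_ID="9.3"\n'
UBUNTU_22_04 = 'NAME="Ubuntu"\nID=ubuntu\nVERSION_ID="22.04"\n'

if __name__ == "__main__":
    # On a real host: audit_content_dir("/home/opc", Path("/etc/os-release").read_text())
    print(audit_content_dir("/home/opc", ORACLE_9_2))
```

Rejecting unknown IDs matters more than the mapping itself: a vendor string that silently becomes part of a path (ORACLE9-CIS-Audit) fails later with a confusing missing-file error, whereas a ValueError at this point names the actual cause.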

Missing meta/main.yml causes galaxy-install to fail in roles/requirements.yml

Describe the Issue
This role does not appear to have a meta/main.yml file.

Expected Behavior
Starting galaxy role install process

changing role RHEL9_cis_audit from to unspecified

Actual Behavior
[WARNING]: - RHEL9-CIS-Audit was NOT installed successfully: this role does not appear to have a meta/main.yml file.

Control(s) Affected
Using it in a project.

Environment (please complete the following information):

not relevant here.


Possible Solution
Add file meta/main.yml.

Missing rhel9cis_rule_5_1_9 from vars/CIS.yml

Describe the Issue
When running the run_audit.sh, it fails with the following error:

Error: could not read json data in /home/opc/ORACLE9-CIS-Audit/section_5/cis_5.1/cis_5.1.8_9.yml: template: test:31:11: executing "test" at <.Vars.rhel9cis_rule_5_1_9>: map has no entry for key "rhel9cis_rule_5_1_9"

Expected Behavior
There should be no non-existent variables referenced in conditional statements.

Actual Behavior
{{ if .Vars.rhel9cis_rule_5_1_9 }}
/etc/at.deny:
  title: 5.1.9 | Ensure at is restricted to authorized users
  exists: false
  meta:

Since the variable has not been defined, it is not possible to evaluate the conditional statement.


Environment (please complete the following information):

  • branch being used: devel
  • Ansible Version: 2.15.2
  • Host Python Version: Python 3.11.12
  • Ansible Server Python Version: Python 3.9.16
  • Additional Details:


Possible Solution
Add rhel9cis_rule_5_1_9 to the defaults in the CIS.yaml file.
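Both the duplicate-key issue ('package: vsftp' defined in two section files, where the later-loaded file silently wins) and the undefined-variable issue (a `.Vars.rhel9cis_rule_5_1_9` reference with no entry in the vars file, which stops goss from rendering the file) are the kind of thing a pre-run lint over the check tree catches before goss does. The following is an added example, not a tool from the RHEL9-CIS-Audit project or code from either issue. It assumes only the 2-space-indented goss layout visible on this page (resource type at column 0, resource key at indent 2, `{{ ... }}` template lines at column 0), so it needs no YAML library; the section files and vars file it writes are constructed to reproduce both reports, with placeholder titles for the section 2 checks.

```python
"""Lint a goss check tree for duplicate resource keys and undefined .Vars.

Added example, not part of RHEL9-CIS-Audit. Sample tree is constructed.
"""
import re
import tempfile
from pathlib import Path

VAR_REF = re.compile(r"\.Vars\.([A-Za-z_][A-Za-z0-9_]*)")

# Constructed sample files reproducing the two issues.
SAMPLE_FILES = {
    "section_2/cis_2.2/cis_2.2.6.yml": """\
{{ if .Vars.rhel9cis_rule_2_2_6 }}
package:
  vsftp:
    title: 2.2.6 | constructed sample, ftp server package
    installed: false
{{ end }}
""",
    "section_2/cis_2.3/cis_2.3.1_4.yml": """\
{{ if .Vars.rhel9cis_rule_2_3_3 }}
package:
  vsftp:
    title: 2.3.3 | constructed sample, ftp client package
    installed: false
{{ end }}
""",
    "section_5/cis_5.1/cis_5.1.8_9.yml": """\
file:
{{ if .Vars.rhel9cis_rule_5_1_8 }}
  /etc/cron.deny:
    title: 5.1.8 | constructed sample, cron restricted to authorized users
    exists: false
{{ end }}
{{ if .Vars.rhel9cis_rule_5_1_9 }}
  /etc/at.deny:
    title: 5.1.9 | Ensure at is restricted to authorized users
    exists: false
{{ end }}
""",
}
# rhel9cis_rule_5_1_9 is deliberately missing, as in the issue.
SAMPLE_VARS = "rhel9cis_rule_2_2_6: true\nrhel9cis_rule_2_3_3: true\nrhel9cis_rule_5_1_8: true\n"


def scan_file(path):
    """Return ([(resource_type, key), ...], {referenced var names}) for one file.

    Template lines are skipped for key detection but still searched for
    .Vars references, so a conditional wrapped around a check is still seen.
    """
    keys, refs, resource = [], set(), None
    for line in path.read_text().splitlines():
        refs.update(VAR_REF.findall(line))
        body = line.lstrip()
        if not body or body.startswith(("#", "{{")):
            continue
        indent = len(line) - len(body)
        if indent == 0 and body.endswith(":"):
            resource = body[:-1]
        elif indent == 2 and body.endswith(":") and resource:
            keys.append((resource, body[:-1]))
    return keys, refs


def load_vars(path):
    """Top-level keys of a flat vars file ('name: value' per line)."""
    names = set()
    for line in Path(path).read_text().splitlines():
        match = re.match(r"^([A-Za-z_]\w*)\s*:", line)
        if match:
            names.add(match.group(1))
    return names


def lint(root, defined_vars):
    """Return (duplicates, undefined); each maps a key or var name to the
    files involved in load order, so the last entry is the one that wins."""
    root = Path(root)
    owners, undefined = {}, {}
    for path in sorted(root.glob("section_*/**/*.yml")):
        rel = path.relative_to(root).as_posix()
        keys, refs = scan_file(path)
        for key in keys:
            owners.setdefault(key, []).append(rel)
        for name in sorted(refs - defined_vars):
            undefined.setdefault(name, []).append(rel)
    duplicates = {key: files for key, files in owners.items() if len(files) > 1}
    return duplicates, undefined


def build_sample_tree():
    """Write the constructed sample tree to a temp dir and return its path."""
    root = Path(tempfile.mkdtemp(prefix="goss-lint-"))
    for rel, body in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    (root / "vars").mkdir()
    (root / "vars" / "CIS.yml").write_text(SAMPLE_VARS)
    return root


if __name__ == "__main__":
    root = build_sample_tree()  # on a real checkout: Path("/opt/RHEL9-CIS-Audit")
    dups, undef = lint(root, load_vars(root / "vars" / "CIS.yml"))
    for (rtype, key), files in dups.items():
        print(f"duplicate {rtype}/{key}: {files[-1]} overrides {files[:-1]}")
    for name, files in undef.items():
        print(f"undefined .Vars.{name} referenced in {files}")
```

Run against a real checkout, the duplicate report is the one to act on first: goss only warns, so an overwritten check keeps producing a result, just not the one the earlier file intended.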
