Use str.translate method like python does.

Mostly where ever rhel8 / rhel9 is used.

bash_sed_escape_regexp is for s regexp and bash_sed_escape_replacement
is for replacement

/etc/sysctl.conf or any related directories might not exist.

Implement `bash_sysctl_test_clean` to ensure all sysctl directories and
files do exist, and there can only be configuration at `/etc/sysctl.conf`.

Implement `bash_sysctl_set_remediate_file_name`. Only one place to set
where file used to set `sysctl` remediation variables.

Implement `bash_sysctl_set_config_directories`. Per product list of
directories we are managing. Not all products manage all directories.

If there is some reason to modify this phase, now there is shared place
to do it. Use it in all `sysctl` template tests.

Also match documentation to implementation.

From: sysctl.conf(5)
...
FILES
       /etc/sysctl.d/*.conf
       /run/sysctl.d/*.conf
       /usr/local/lib/sysctl.d/*.conf
       /usr/lib/sysctl.d/*.conf
       /lib/sysctl.d/*.conf
       /etc/sysctl.conf
...

Use bash pattern to strip key from undesirables instead of invoking sed.

Some style fixes.

Baseline function striped_key just does not support complex enough regexps for key.

Sometimes data is not case insensitive and case can not be ignored.

Sometimes data does not end at word boundary as regexp word boundary \> understands it.

Try to implement support for all quirks from manuals. Use slightly
changed logic, `bash_sed_escape_regexp`, and `quote` to achieve this.

Avoid per product quirks here by using
`bash_sysctl_set_config_directories` and
`bash_sysctl_set_remediate_file_name`.

Add LC_ALL=C to checks.

Assume sysctl values can never contain \n.

Most probably bad OVAL with too broad regex capture, or no capture at
all, so it gets all whitespace around.

sed does not allow multiline regexps and you get errors like:

sed: -e expression ComplianceAsCode#1, char 67: unterminated `s' command

use set -epu to fail if there is any issues.

Try to minimize unnecessary newlines in created files.

… directories

And thus wrong_value_usr_local_lib.fail.sh is not needed any more.

Now wrong_value_d_directory.fail.sh tests OVAL that it finds all
relevant wrong values.

During remediation test that all relevant wrong values are fixed.

I believe testing one directory at a time is not benefical usage of
testing resources. As we want to test one item, it is to test if list of
directories implemented in OVAL or in remediation are not in sync.

…ng_sysctlval_for_testing

Implemented heuristics might not work always, especially with multivalue
settings like `net.ipv4.ip_local_port_range`.

Also handle 'E226 missing whitespace around arithmetic operator'.

There is patchset to enable this:

	https://patchwork.kernel.org/project/linux-hardening/patch/1469630746-32279-1-git-send-email-jeffv@google.com/

Some distros might have this enabled.

Add variable sysctl_kernel_perf_event_paranoid_value as variable is
required when multiple values possible.

Oval set can have only up to 2 items. This converts list to one set as
it can get quite tedious if done by hand.

Handle sysctl_dirs as a list.

Rename elements according to Style Guide.

Try to minimize extra newlines and use indentation as per Style Guide.

Use oval_list_to_set to create <set> for 'unfiltered'.

Try to handle sysctl quirks.

Check sysctlval type. This helps logic.

ansible-doc sysctl
...
- sysctl_set
        Verify token value with the sysctl command and set with -w if necessary.
...

When you combine xccdf variables and other format than simple int /
string, there is no generict way to implement comparison. So I decided
just to use per name comparison method.

Function sysctl_set_kernel_setting_to is not used anywhere.

Previously SYSCTLVAL == "" was variable and this did not allow to handle empty values.

Change SYSCTLVAL to be not defined if having variable and this issue is solved.

Handle emtpy string in ansible because `sysctl` module does not handle
empty string.

Change state_aide_check_attributes to ensure no prefix/suffix for
pattern.

Fix correct_with_selinux.pass.sh

Also use packages to ensure aide package is installed in tests.

Default word_boundary in bash_replace_or_append \> does not work with
*.* and like.

Replace regexp in all types to be the same. Avoid copy-paste in OVAL.

rsyslog.conf(5)
...
       Rules (selector + action)
              Every rule line consists of two fields, a selector field and an action field. These two fields are separated
              by one or more spaces or tabs. The selector field specifies a pattern of facilities and priorities belonging
              to the specified action.
...

Also drop comment or empty lines with whitespace start of line.

Newer ansible (mine 2.14) has sysctl at ansible.posix.sysctl.

But build system does not accept it:

	Found module which is not allowed:
	{'tags', 'name', 'when', 'ansible.posix.sysctl'}

and

	ERROR! couldn't resolve module/action 'ansible.posix.sysctl'. This often indicates a misspelling, missing collection, or incorrect module path.

    the replacement string in double-quoted pattern substitution does
    not undergo quote  removal,  as  it does in versions after bash-4.2