Fix grub2_audit_argument

[alanmcanonical]

Description:

• Allow both variables to be fixed

Rationale:

• STIG expects the "audit=1" in both GRUB_CMDLINE_LINUX_DEFAULT and GRUB_CMDLINE_LINUX

[openshift-ci]

Hi @alanmcanonical. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[jan-cerny]

The CI fail seems to be legit:

In /__w/content/content/build/ol7/fixes/bash/grub2_audit_argument.sh line 16:
    for grub_var in GRUB_CMDLINE_LINUX; do
                    ^----------------^ SC2043 (warning): This loop will only ever run once. Bad quoting or missing glob/expansion?

I suggest fixing this by replacing the Bash for loop by a Jinja for loop. That way the code on Ubuntu will unroll to two code blocks and on other products it will unroll to a single code block, which hopefully will satisfy shellcheck.

 {{%- for grub_var in grub_vars %}}

[jan-cerny]

I have run the tests locally on RHEL 9 and they passed for both Ansible and Bash