Fix regular expression in Ansible remediation

[jan-cerny]

Ansible remediation of accounts_umask_etc_profile breaks the
/etc/profile syntax because the regex in task "Replace user umask in
/etc/profile" is wrong. The regex in ansible.builtin.replace
module is considered multiline, it matches everything except hash sign
but including newlines, so it "eats" all the lines before the "umask"
string if these lines don't contain the hash sign.

Fixes: #9053

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile' differs:
--- old datastream
+++ new datastream
@@ -27,8 +27,8 @@
 - name: Replace user umask in /etc/profile
 ansible.builtin.replace:
 path: /etc/profile
- regexp: ^[^#]*umask
- replace: umask {{ var_accounts_user_umask }}
+ regexp: ^(\s*)umask\s+\d+
+ replace: \1umask {{ var_accounts_user_umask }}
 tags:
 - CCE-81035-8
 - DISA-STIG-RHEL-08-020353

[codeclimate]

Code Climate has analyzed commit d735420 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 42.7% (0.0% change).

View more on Code Climate.