Several of the tests produce false failures

[opub]

1.2.1 - is too restrictive since it assumes the existence of specific repo names (base and updates).

1.7.1.4 - if /etc/motd is a symbolic link then test_perms incorrectly inspects link perms instead of file.

3.6.3 and 3.6.4 - this doesn't take into account the iptables rules potentially having comments in them.

4.2.1.3 - doesn't find FileCreateMode if it is set under a /etc/rsyslog.d/*.conf file.

5.4.4 - doesn't find user mask if it occurs multiple times in file like in an if/else condition.

[finalduty]

Hey @opub, thanks for your report and my apologies for not getting to this sooner.

1.2.1 - I originally wrote this based on the default repo names, but it also doesn't take in to account other repos that may be required. The remediation in the standard says to configure the repos according to site policy, so I will instead skip this check and require the user to manually verify it themselves.

1.7.1.4, 3.6.3, 3.6.4 - I have replicated these issues. I've tested a fix and will push that shortly.

5.4.4 - I've updated this check to test all umasks within /etc/bashrc and /etc/profile to ensure they all meet the criteria.