Fix incorrect systemd-timesyncd configuration

linux_os/guide/services/ntp/service_timesyncd_configured/ansible/shared.yml

@@ -5,36 +5,15 @@
 # disruption = low
 {{{ ansible_instantiate_variables("var_multiple_time_servers") }}}
 
+{{% set timesyncd_conf_file = "/etc/systemd/timesyncd.conf.d/oscap-remedy.conf" %}}
+
 - name: {{{ rule_title }}} - Set Primary NTP Servers
   ansible.builtin.set_fact:
-    preferred_ntp_servers: '{{ var_multiple_time_servers.split(",") | slice(2)| first |
-    join(",") }}'
+    preferred_ntp_servers: '{{ var_multiple_time_servers.split(",") | slice(2)| first | join(" ") }}'
 
 - name: {{{ rule_title }}} - Set Fallback NTP Servers
   ansible.builtin.set_fact:
-    fallback_ntp_servers: '{{ var_multiple_time_servers.split(",") | slice(2)| list | last |
-    join(",") }}'
-
-- name: {{{ rule_title }}} - Add missing / update wrong records for NTP servers
-  ansible.builtin.lineinfile:
-    {{% if "ubuntu" in product %}}
-    path: /etc/systemd/timesyncd.conf.d/oscap-remedy.conf
-    {{% else %}}
-    path: /etc/systemd/timesyncd.d/oscap-remedy.conf
-    {{% endif %}}
-    regexp: '^\s*NTP\s*='
-    state: present
-    line: 'NTP={{ preferred_ntp_servers }}'
-    create: true
+    fallback_ntp_servers: '{{ var_multiple_time_servers.split(",") | slice(2)| list | last | join(" ") }}'
 
-- name: {{{ rule_title }}} - Add missing / update wrong records for fallback servers
-  ansible.builtin.lineinfile:
-    {{% if "ubuntu" in product %}}
-    path: /etc/systemd/timesyncd.conf.d/oscap-remedy.conf
-    {{% else %}}
-    path: /etc/systemd/timesyncd.d/oscap-remedy.conf
-    {{% endif %}}
-    regexp: '^\s*FallbackNTP\s*='
-    state: present
-    line: 'FallbackNTP={{ fallback_ntp_servers }}'
-    create: true
+{{{ ansible_ini_file_set(timesyncd_conf_file, "Time", "NTP", "{{ preferred_ntp_servers }}") }}}
+{{{ ansible_ini_file_set(timesyncd_conf_file, "Time", "FallbackNTP", "{{ fallback_ntp_servers }}") }}}

linux_os/guide/services/ntp/service_timesyncd_configured/bash/shared.sh

@@ -7,37 +7,28 @@
 {{{ bash_instantiate_variables("var_multiple_time_servers") }}}
 IFS=',' read -r -a time_servers_array <<< "$var_multiple_time_servers"
 preferred_ntp_servers_array=("${time_servers_array[@]:0:2}")
-preferred_ntp_servers=$( echo "${preferred_ntp_servers_array[@]}"|sed -e 's/\s\+/,/g' )
+preferred_ntp_servers=$( echo "${preferred_ntp_servers_array[@]}" )
 fallback_ntp_servers_array=("${time_servers_array[@]:2}")
-fallback_ntp_servers=$( echo "${fallback_ntp_servers_array[@]}"|sed -e 's/\s\+/,/g' )
+fallback_ntp_servers=$( echo "${fallback_ntp_servers_array[@]}" )
+
+IFS=" " mapfile -t current_cfg_arr < <(ls -1 /etc/systemd/timesyncd.conf.d/* 2>/dev/null)
 
-IFS=" " mapfile -t current_cfg_arr < <(ls -1 /etc/systemd/timesyncd.d/* /etc/systemd/timesyncd.conf.d/* 2>/dev/null)
-{{% if "ubuntu" in product %}}
-config_file="/etc/systemd/timesyncd.conf.d/oscap-remedy.conf"
-{{% else %}}
-config_file="/etc/systemd/timesyncd.d/oscap-remedy.conf"
-{{% endif %}}
 current_cfg_arr+=( "/etc/systemd/timesyncd.conf" )
 # Comment existing NTP FallbackNTP settings
 for current_cfg in "${current_cfg_arr[@]}"
 do
     sed -i 's/^NTP/#&/g' "$current_cfg"
     sed -i 's/^FallbackNTP/#&/g' "$current_cfg"
 done
-{{% if "ubuntu" in product %}}
+
+# Set primary fallback NTP servers in drop-in configuration
+# Create /etc/systemd/timesyncd.conf.d if it doesn't exist
 if [ ! -d "/etc/systemd/timesyncd.conf.d" ]
 then 
     mkdir /etc/systemd/timesyncd.conf.d
 fi
-{{% else %}}
-# Create /etc/systemd/timesyncd.d if it doesn't exist
-if [ ! -d "/etc/systemd/timesyncd.d" ]
-then 
-    mkdir /etc/systemd/timesyncd.d
-fi
-{{% endif %}}
 
-# Set primary fallback NTP servers in drop-in configuration
-echo "NTP=$preferred_ntp_servers" >> "$config_file"
-echo "FallbackNTP=$fallback_ntp_servers" >> "$config_file"
+{{{ bash_ini_file_set("/etc/systemd/timesyncd.conf.d/oscap-remedy.conf", "Time", "NTP", "$preferred_ntp_servers", rule_id=rule_id) }}}
+{{{ bash_ini_file_set("/etc/systemd/timesyncd.conf.d/oscap-remedy.conf", "Time", "FallbackNTP", "$fallback_ntp_servers", rule_id=rule_id) }}}
+
 

linux_os/guide/services/ntp/service_timesyncd_configured/oval/shared.xml

@@ -13,7 +13,7 @@
   <local_variable id="{{{ rule_id }}}_variable_test_servers" datatype="string" version="1"
     comment="a local variable which includes all vendor-approved pool servers">
       <concat>
-          <literal_component>^[[:space:]]*(NTP|FallbackNTP)[[:space:]]*=[[:space:]]*</literal_component>
+          <literal_component>^\s*\[Time\].*(?:\n\s*[^[\s].*)*\n^[[:space:]]*(NTP|FallbackNTP)[[:space:]]*=[[:space:]]*</literal_component>
           <split delimiter=",">
               <variable_component var_ref="var_multiple_time_servers" />
           </split>
@@ -30,11 +30,7 @@
 
   <ind:textfilecontent54_object comment="Ensure at least one NTP server is set"
     id="{{{ rule_id }}}_object_systemd_timesyncd_dropin_configuration" version="1">
-{{% if "ubuntu" in product %}}
     <ind:path>/etc/systemd/timesyncd.conf.d</ind:path>
-{{% else %}}
-    <ind:path>/etc/systemd/timesyncd.d</ind:path>
-{{% endif %}}
     <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
     <ind:pattern operation="pattern match" var_ref="{{{ rule_id }}}_variable_test_servers"/>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

linux_os/guide/services/ntp/service_timesyncd_configured/tests/common.sh

@@ -1,10 +1,5 @@
 #!/bin/bash
 
-{{% if "ubuntu" in product %}}
 mkdir -p /etc/systemd/timesyncd.conf.d/
 echo "" > /etc/systemd/timesyncd.conf.d/oscap-remedy.conf
-{{% else %}}
-mkdir -p /etc/systemd/timesyncd.d/
-echo "" > /etc/systemd/timesyncd.d/oscap-remedy.conf
-{{% endif %}}
 echo "" > /etc/systemd/timesyncd.conf

linux_os/guide/services/ntp/service_timesyncd_configured/tests/dropin_config.pass.sh

@@ -3,14 +3,8 @@
 # variables = var_multiple_time_servers=0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org
 
 source common.sh
-{{% if "ubuntu" in product %}}
 cat <<EOF >/etc/systemd/timesyncd.conf.d/oscap-remedy.conf
-NTP=0.suse.pool.ntp.org,1.suse.pool.ntp.org
-FallbackNTP=2.suse.pool.ntp.org,3.suse.pool.ntp.org
+[Time]
+NTP=0.suse.pool.ntp.org 1.suse.pool.ntp.org
+FallbackNTP=2.suse.pool.ntp.org 3.suse.pool.ntp.org
 EOF
-{{% else %}}
-cat <<EOF >/etc/systemd/timesyncd.d/oscap-remedy.conf
-NTP=0.suse.pool.ntp.org,1.suse.pool.ntp.org
-FallbackNTP=2.suse.pool.ntp.org,3.suse.pool.ntp.org
-EOF
-{{% endif %}}

linux_os/guide/services/ntp/service_timesyncd_configured/tests/missing_time.fail.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+# packages = systemd
+# variables = var_multiple_time_servers=0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org
+
+source common.sh
+cat <<EOF >/etc/systemd/timesyncd.conf.d/oscap-remedy.conf
+NTP=0.suse.pool.ntp.org 1.suse.pool.ntp.org
+FallbackNTP=2.suse.pool.ntp.org 3.suse.pool.ntp.org
+EOF

linux_os/guide/services/ntp/service_timesyncd_configured/tests/timesyncd_config.pass.sh

@@ -5,6 +5,7 @@
 source common.sh
 
 cat <<EOF >/etc/systemd/timesyncd.conf
-NTP=0.suse.pool.ntp.org,1.suse.pool.ntp.org
-FallbackNTP=2.suse.pool.ntp.org,3.suse.pool.ntp.org
+[Time]
+NTP=0.suse.pool.ntp.org 1.suse.pool.ntp.org
+FallbackNTP=2.suse.pool.ntp.org 3.suse.pool.ntp.org
 EOF