OCPBUGS-28797: Clarify banner instructions for RHCOS nodes

[rhmdnd]

The instructions for remediating Linux banners on login was pretty vague
for RHCOS nodes. This commit attempts to clarify that by suggesting the
users can use the default remediation, and tweak it to fit their
use case.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment

Oracle Linux 8 Environment

[github-actions]

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11635
This image was built from commit: a23ef02

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11635

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11635 make deploy-local

[xiaojiey]

/hold for test

[yuumasato]

/lgtm
Just pending pre-merge tesing

[xiaojiey]

@rhmdnd The description is good. However, the instructions is not updated.
Could you please help to update the instructions? Thanks.
The user need to use command cat /etc/issue.d/legal-notice on node instead of cat /etc/issue

content/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml

Lines 133 to 136 in 4879ba6

	ocil: |-
	To check if the system login banner is compliant,
	run the following command:
	<pre>$ cat /etc/issue</pre>

$ oc get rule upstream-rhcos4-banner-etc-issue -o=jsonpath={.instructions}
To check if the system login banner is compliant,
run the following command:
$ cat /etc/issue

[xiaojiey]

A mc can only be applied for one pool at the same time. It is meaningless to add one more label here.

[xiaojiey]

The matchExpressions can apply MC for both custom pool and worker pool.

spec:
  machineConfigSelector:
    matchExpressions:
      - {key: machineconfiguration.openshift.io/role, operator: In, values: [worker,infra]}

[rhmdnd]

Oh - interesting. Is that only applicable to node pools though? I was able to find one example here

https://docs.openshift.com/container-platform/4.15/post_installation_configuration/node-tasks.html#configuring-huge-pages_post-install-node-tasks

[codeclimate]

Code Climate has analyzed commit a23ef02 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.8% (0.0% change).

View more on Code Climate.

[xiaojiey]

Verification pass with 4.16.0-0.nightly-2024-03-06-073110 + content ghcr.io/complianceascode/k8scontent:11635:

$ oc get rule upstream-rhcos4-banner-etc-issue -o=jsonpath={.instructions}
To check if the system login banner is compliant,
run the following command:

$ cat /etc/issue.d/legal-notice

[xiaojiey]

/unhold

[xiaojiey]

/lgtm