From 8e2d767832d00e33d883126cde22106b36d91fa6 Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Mon, 21 Oct 2024 16:44:21 -0500
Subject: [PATCH] Update remedation for firewalld_sshd_port_enabled
* Fix issues on RHEL 10
* Ensure filtering is correct
Fixes #12476
---
 .../ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml | 2 +-
 .../ssh/ssh_server/firewalld_sshd_port_enabled/bash/shared.sh | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml
index 6609c08723c..37ad68dc61d 100644
--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml
@@ -53,7 +53,7 @@
 - name: '{{{ rule_title }}} - Collect firewalld active zones'
 ansible.builtin.shell:
- cmd: firewall-cmd --get-active-zones | grep -v interfaces
+ cmd: firewall-cmd --get-active-zones | grep -v "^ " | cut -d " " -f 1
 register: result_firewall_cmd_zones_names
 changed_when: false
diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/bash/shared.sh
index 5b39a4b3fdb..c0e3e2b436a 100644
--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/bash/shared.sh
+++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/bash/shared.sh
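Review bot: The pipeline on the new `cmd:` line reports only the exit status of its last stage (`cut`), so a failing `firewall-cmd --get-active-zones` (for example when firewalld is not running) produces an empty zone list and the task still succeeds with `changed_when: false`. Tasks that consume `result_firewall_cmd_zones_names` would then presumably have nothing to act on, and the rule could report as remediated while no zone permanently allows SSH. If an empty list is never expected at this point, fail explicitly, e.g. `failed_when: result_firewall_cmd_zones_names.stdout | trim | length == 0`, or run `firewall-cmd` on its own and filter the registered output in a following task. The same applies to the `readarray ... < <(...)` line in bash/shared.sh, where process substitution discards the exit status and an empty array silently skips the `for zone` loop.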
@@ -32,9 +32,9 @@ else
 systemctl restart NetworkManager
 # Active zones are zones with at least one interface assigned to it.
- # It is possible that traffic is comming by any active interface and consequently any
+ # It is possible that traffic is coming by any active interface and consequently any
 # active zone. So, this make sure all active zones are permanently allowing SSH service.
- readarray -t firewalld_active_zones < <(firewall-cmd --get-active-zones | grep -v interfaces)
+ readarray -t firewalld_active_zones < <(firewall-cmd --get-active-zones | grep -v "^ " | cut -d " " -f 1)
 for zone in "${firewalld_active_zones[@]}"; do
 firewall-cmd --permanent --zone="$zone" --add-service=ssh
 done
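Review bot: The new filter on the `readarray` line depends on an output format that nothing in the hunk documents: zone names starting at column 0, detail lines indented with a space, and presumably extra text after the zone name that `cut` strips. A one-line comment above it would stop a later cleanup from simplifying the filter back, e.g. `# Zone lines start at column 0; keep only their first word and drop the indented detail lines.` If the indentation could ever be a tab rather than a space, `grep -v '^[[:space:]]'` would be the more tolerant match. The enclosing `else` branch starts before the hunk, so any earlier check that firewalld is active is not visible here.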