Fix file_groupowner_etc_chrony_keys OVAL check

[svet-se]

Description:

• Fix file_groupowner_etc_chrony_keys OVAL check

Rationale:

• improved the pattern match

[openshift-ci]

Hi @svet-se. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[jan-cerny]

Please add a test scenario covering the situation that is fixed by this PR.

[svet-se]

Please add a test scenario covering the situation that is fixed by this PR.

Hey @jan-cerny,
The rule itself works as expected. I want to cover just the case if there is a "chrony:!:470" for example, in the group file, because the "!" symbol is not covered by "\w".

[codeclimate]

Code Climate has analyzed commit e0e1124 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 62.0% (0.0% change).

View more on Code Climate.

[jan-cerny]

thanks for adding the tests!

jcerny@fedora:~/work/git/scap-security-guide (pr/13248)$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel9 file_groupowner_etc_chrony_keys
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2025-04-01-0850/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_file_groupowner_etc_chrony_keys
INFO - Script correct_chrony_keys_groupowner.pass.sh using profile (all) OK
INFO - Script correct_chrony_keys_locked_groupowner.pass.sh using profile (all) OK
INFO - Script incorrect_chrony_keys_groupowner.fail.sh using profile (all) OK
jcerny@fedora:~/work/git/scap-security-guide (pr/13248)$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel9 --remediate-using ansible file_groupowner_etc_chrony_keys
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2025-04-01-0853/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_file_groupowner_etc_chrony_keys
INFO - Script correct_chrony_keys_groupowner.pass.sh using profile (all) OK
INFO - Script correct_chrony_keys_locked_groupowner.pass.sh using profile (all) OK
INFO - Script incorrect_chrony_keys_groupowner.fail.sh using profile (all) OK