Hi All,

This is on SLES 11 SP3 with OpenSCAP 1.2.5.

I am trying to do a check to find out suid and sgid files in /bin.


    <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
                 id="oval:suid-test.test.com:obj:151"
                 version="1"
                 comment="find-all-suid-and-sgid-files">
      <behaviors recurse="directories" recurse_direction="down" recurse_file_system="local" max_depth="1"/>
      <path datatype="string" operation="equals">/bin</path>
      <filename datatype="string" operation="pattern match">.*</filename>
      <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
              action="include">oval:suid-test.test.com:ste:30</filter>
    </file_object>

    <file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
                id="oval:suid-test.test.com:ste:30"
                version="1"
                comment="SRG-OS-000327-GPOS-00127-filter-include-suid-and sgid-files">
      <suid datatype="boolean" operation="equals">1</suid>
      <sgid datatype="boolean" operation="equals">1</sgid>
    </file_state>

But, as soon as I apply the filter, no object gets collected. Is this a known 
issue?

I also tried with filename regex as [a-z]+, but that does not work either. Any 
pointers, please?

I can confirm that there are suid files in /bin.
/bin/eject
/bin/su
/bin/umount
/bin/mount
/bin/ping
/bin/ping6


If I remove the filter, all files under /bin are collected perfectly. So, I am 
suspicious that the filter is breaking things.

Thanks and regards,
Pravin Goyal
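
An added cross-check, not part of the original message and not OpenSCAP code: it reads the suid and sgid bits of files and applies an include filter whose state carries both entities, combined the way OVAL combines state entities by default (AND), with OR shown beside it for comparison. The function names, the `/bin/example-*` paths and the sample modes are constructed for illustration, and `collect` looks only at files directly inside the directory rather than reproducing the `behaviors` recursion.

```python
import os
import stat

def file_item(path, mode):
    """Reduce a path and st_mode to the two file_state entities used above."""
    return {"filepath": path,
            "suid": bool(mode & stat.S_ISUID),
            "sgid": bool(mode & stat.S_ISGID)}

def collect(directory):
    """Regular files directly inside directory (simplified file_object, no recursion)."""
    items = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if entry.is_file(follow_symlinks=False):
            mode = entry.stat(follow_symlinks=False).st_mode
            items.append(file_item(entry.path, mode))
    return items

def include_filter(items, state, operator="AND"):
    """Paths of items matching the state; entities are combined with AND or OR."""
    if operator not in ("AND", "OR"):
        raise ValueError("only AND and OR are modelled here")
    combine = all if operator == "AND" else any
    return [item["filepath"] for item in items
            if combine(item[name] == want for name, want in state.items())]

# Same two entities as oval:suid-test.test.com:ste:30
STATE = {"suid": True, "sgid": True}

# Constructed sample modes, not read from a real system
SAMPLE = [
    file_item("/bin/su", 0o104755),            # suid only
    file_item("/bin/example-sgid", 0o102755),  # sgid only (hypothetical file)
    file_item("/bin/example-both", 0o106755),  # suid and sgid (hypothetical file)
    file_item("/bin/ls", 0o100755),            # neither
]

if __name__ == "__main__":
    items = collect("/bin") if os.path.isdir("/bin") else SAMPLE
    for op in ("AND", "OR"):
        print(op, include_filter(items, STATE, op))
```

Run on the scanned host, the AND line lists only files that carry both bits at once, which can be compared with what the filtered object collects.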
