Excellent -- please push! On 11/20/2013 01:26 PM, Maura Dailey wrote:
I noticed that the regex in ldap_client_pam_ldap_present was too limited. It should look for lines with pam_ldap.so in them, not just lines that end with it. Also, the period was not escaped.I also went ahead and switched the pam_ldap.conf checks to use filepath instead of path and filename, since that seems to be the standard going forward. Maura Dailey (2): Check was expecting pam_ldap.so to exist at least once with no options at the end of the line. It's better to see if it exists in the middle of a line. Also, fixed an unescaped period. Tested both checks and switched to using filepath instead of separate file and path tags. .../input/checks/ldap_client_pam_ldap_present.xml | 13 ++++----- RHEL6/input/checks/ldap_client_start_tls.xml | 14 ++++------- RHEL6/input/checks/ldap_client_tls_cacertpath.xml | 26 +++++++------------ 3 files changed, 21 insertions(+), 32 deletions(-) _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
