On 4/22/14, 12:16 PM, Renshaw, Richard /c wrote:
Jan, Without the trailing / the regex will match any directory starting with /lib, /lib64, /usr/lib, or /usr/lib64. Like the spurious /usr/libexec/ file I was running into. Even if the trailing / isn't the correct fix, something needs to be changed to fix the regex.
Jan is right. Add a string terminator? e.g.:
- <unix:path operation="pattern match">^\/lib(|64)\/|^\/usr\/lib(|64)\/</unix:path> + <unix:path operation="pattern match">^\/lib(|64)$|^\/usr\/lib(|64)$</unix:path>
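Review bot: With $ placed directly after lib(|64) in both alternatives of the + line, the pattern matches only the four directories /lib, /lib64, /usr/lib and /usr/lib64 themselves, while the - line required a trailing / and so could only match paths that continue below those directories. If subdirectories are meant to stay in scope for this ownership check, they need to be covered some other way, and the intended scope is worth stating alongside the change. As a style point, (|64) reads more clearly as (64)? and the two alternatives can be folded into one: ^\/(usr\/)?lib(64)?$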
$ sudo chown root /lib
$ sudo ./testcheck.py file_ownership_library_dirs.xml
Evaluating with OVAL tempfile : /tmp/file_ownership_library_dirsp5REdU.xml
Writing results to : /tmp/file_ownership_library_dirsp5REdU.xml-results
Definition oval:scap-security-guide.testing:def:100: true
Evaluation done.

$ sudo chown shawn /lib
$ sudo ./testcheck.py file_ownership_library_dirs.xml
Evaluating with OVAL tempfile : /tmp/file_ownership_library_dirsWTFf4x.xml
Writing results to : /tmp/file_ownership_library_dirsWTFf4x.xml-results
Definition oval:scap-security-guide.testing:def:100: false
Evaluation done.

$ sudo chown shawn /usr/libexec/ ; sudo chown root /lib
$ sudo ./testcheck.py file_ownership_library_dirs.xml
Evaluating with OVAL tempfile : /tmp/file_ownership_library_dirsJ5RNOT.xml
Writing results to : /tmp/file_ownership_library_dirsJ5RNOT.xml-results
Definition oval:scap-security-guide.testing:def:100: true
Evaluation done.
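The three anchoring choices discussed in this thread, compared side by side on the same set of directories. This is an added example, not part of the original message or of scap-security-guide: the "prefix" pattern is reconstructed from the description in the quoted text, the sample paths are constructed, and Python's re.search is assumed to behave like the scanner's regex engine for these simple patterns.

```python
import re

# "prefix" is reconstructed from the thread's description (no trailing "/");
# "trailing_slash" and "anchored" are the "-" and "+" lines of the patch.
PATTERNS = {
    "prefix": r"^\/lib(|64)|^\/usr\/lib(|64)",
    "trailing_slash": r"^\/lib(|64)\/|^\/usr\/lib(|64)\/",
    "anchored": r"^\/lib(|64)$|^\/usr\/lib(|64)$",
}

# Constructed sample directory paths. Assumption: directory paths are
# presented to the pattern without a trailing slash.
SAMPLE_DIRS = [
    "/lib",
    "/lib64",
    "/usr/lib",
    "/usr/lib64",
    "/usr/libexec",         # the spurious match reported in the thread
    "/lib/modules",         # a subdirectory of a library directory
    "/usr/lib64/security",  # another subdirectory
    "/libfoo",              # unrelated directory sharing the prefix
    "/opt/lib",             # never in scope: patterns are anchored with ^
]


def matched_dirs(pattern, dirs=SAMPLE_DIRS):
    """Return the directories a partial-match regex selects."""
    rx = re.compile(pattern)
    return [d for d in dirs if rx.search(d)]


def compare():
    """Map each pattern name to the directories it selects."""
    return {name: matched_dirs(p) for name, p in PATTERNS.items()}


if __name__ == "__main__":
    for name, hits in compare().items():
        print(f"{name:15} {PATTERNS[name]}")
        for d in SAMPLE_DIRS:
            print(f"    {'MATCH' if d in hits else '  -  '}  {d}")
```

On these inputs the trailing-slash pattern drops /usr/libexec but also stops selecting the four library directories themselves, which is the gap the $ anchor closes.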
