Shawn, The string terminator was, what I had in mind. The pattern would not match on subdirectories and that was reason why I asked. I was aware of the wrongfully tested libexec directory that triggered the patter change in the first place.
Jan On Apr 22, 2014, at 13:25, Shawn Wells wrote: On 4/22/14, 12:16 PM, Renshaw, Richard /c wrote: Jan, Without the trailing / the regex will match any directory starting with /lib, /lib64, /usr/lib, or /usr/lib64. Like the spurious /usr/libexec/ file I was running into. Even if the trailing / isn't the correct fix, something needs to be changed to fix the regex. Jan is right. Add a string terminator? e.g.: - <unix:path operation="pattern match">^\/lib(|64)\/|^\/usr\/lib(|64)\/</unix:path> + <unix:path operation="pattern match">^\/lib(|64)$|^\/usr\/lib(|64)$</unix:path> $ sudo chown root /lib $ sudo ./testcheck.py file_ownership_library_dirs.xml Evaluating with OVAL tempfile : /tmp/file_ownership_library_dirsp5REdU.xml Writing results to : /tmp/file_ownership_library_dirsp5REdU.xml-results Definition oval:scap-security-guide.testing:def:100: true Evaluation done. $ sudo chown shawn /lib $ sudo ./testcheck.py file_ownership_library_dirs.xml Evaluating with OVAL tempfile : /tmp/file_ownership_library_dirsWTFf4x.xml Writing results to : /tmp/file_ownership_library_dirsWTFf4x.xml-results Definition oval:scap-security-guide.testing:def:100: false Evaluation done. $ sudo chown shawn /usr/libexec/ ; sudo chown root /lib $ sudo ./testcheck.py file_ownership_library_dirs.xml Evaluating with OVAL tempfile : /tmp/file_ownership_library_dirsJ5RNOT.xml Writing results to : /tmp/file_ownership_library_dirsJ5RNOT.xml-results Definition oval:scap-security-guide.testing:def:100: true Evaluation done. _______________________________________________ scap-security-guide mailing list [email protected]<mailto:[email protected]> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide Jan Ruzicka Senior Software Engineer Comtech Mobile Datacom Corporation 20430 Century Blvd, Germantown, MD 20874 Office: 240-686-3300 Fax: 240-686-3301 The information contained in this message may be privileged and/or confidential. If you are not the intended recipient, or responsible for delivering this message to the intended recipient, any review, forwarding, dissemination, distribution or copying of this communication or any attachment(s) is strictly prohibited. If you have received this message in error, please so notify the sender immediately, and delete it and all attachments from your computer and network.
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
