On 8/1/14, 4:30 PM, Jeremiah Jahn wrote:
diff --git a/RHEL/6/input/checks/bootloader_audit_argument.xml
b/RHEL/6/input/checks/bootloader_audit_argument.xml
index e22bb17..fdbca28 100644
--- a/RHEL/6/input/checks/bootloader_audit_argument.xml
+++ b/RHEL/6/input/checks/bootloader_audit_argument.xml
@@ -17,7 +17,7 @@
    <ind:textfilecontent54_object id="object_bootloader_audit_argument"
version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>grub.conf</ind:filename>
-    <ind:pattern operation="pattern
match">^\s*kernel\s/vmlinuz.*audit=1.*$</ind:pattern>
+    <ind:pattern operation="pattern
match">^\s*kernel\s(/boot){0,1}/vmlinuz.*audit=1.*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
  </def-group>
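Review bot: The new pattern on the `+` line still accepts any kernel line that merely contains the text `audit=1`, because `.*audit=1.*` has no token boundaries; an argument such as `audit=10`, or one whose name only ends in `audit`, would satisfy the check. It also requires exactly one whitespace character between `kernel` and the path, so a line with more than one space there would fail the check on a compliant system. Consider `^\s*kernel\s+(/boot)?/vmlinuz.*\saudit=1(\s.*)?$`, which keeps the optional `/boot` prefix but matches `audit=1` only as a whole argument. Separately, the unchanged `<ind:instance datatype="int">1</ind:instance>` appears to examine only the first matching line, so a grub.conf with several boot entries may pass when only one of them carries the argument; this should be confirmed against the rest of the definition, which lies outside this hunk.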
--

Hmm, this could be simplified even more... why not "^\s*kernel.*audit=1.*$" ?


--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
