Hello Gautam, ----- Original Message ----- > From: [email protected] > To: [email protected] > Sent: Thursday, January 7, 2016 4:58:42 PM > Subject: Linux environment variables and OVAL filepath. > > Hello folks, > > I am trying to write an OVAL check to ensure that an application > configuration file say $APP_HOME/a.conf is owned by the correct user_id and > group_id.
From what I have briefly checked the currently implemented OVAL checks are comparing some config file filepath against fixed user / group id, e.g.: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/file_owner_etc_group.xml You might need to modify that OVAL to use some some environmental variable like e.g. in: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/accounts_root_path_dirs_no_write.xml and combine the <file_object> with the <environment_variable> object e.g. like in: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/accounts_password_pam_dcredit.xml > I understand that the OVAL interpreter does not resolve enviroment > variables if they are directly used in the filepath element. > > Is there some way I can accomplish this using the OVAL > environmentvariable58_object? I am trying to create a local_variable using > the "value" of the object concatenated with the file name. I don't seem to > be getting right. Is there a simpler way of performing this task? I would > assume this is not a very uncommon use case. If you provide a snippet of code you already have && it's failing, I can have a further look / comment further. > > Thanks in advance. Hope this helps. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team > > Regards, > Gautam. > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] > https://github.com/OpenSCAP/scap-security-guide/ > -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
