lets take CIS check 5.1 - printers. the relevant part is: file : "/etc/syslog.conf" regex : "^ *[^#]*authpriv.*" expect : "authpriv.*/var/log/secure"
when trying this manually I see... # grep "^ *[^#]*authpriv.*" /etc/syslog.conf *.info;cron.none;authpriv.none;local7.none /var/log/messages authpriv.* /var/log/secure authpriv.* @logginghost does FILE_CONTENT_CHECK handle multiple expects? if now, how might you handle a case like this? -- Doug Nordwall Unix, Network, and Security Administrator You mean the vision is subject to low subscription rates?!!? - Scott Stone, on MMORPGs
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
