Doug, I know in the past that our method of handling multiple matches has changed and I'm checking for you on the precise behavior and how it has changed. In the interim, please try the following regex:
^ *[^#]?authpriv.*/.* Let me know if this works. Doug Nordwall wrote: > lets take CIS check 5.1 - printers. the relevant part is: > > file : "/etc/syslog.conf" > regex : "^ *[^#]*authpriv.*" > expect : "authpriv.*/var/log/secure" > > when trying this manually I see... > > # grep "^ *[^#]*authpriv.*" /etc/syslog.conf > *.info;cron.none;authpriv.none;local7.none /var/log/messages > authpriv.* /var/log/secure > authpriv.* @logginghost > > does FILE_CONTENT_CHECK handle multiple expects? if now, how might you > handle a case like this? > > -- > Doug Nordwall > Unix, Network, and Security Administrator > You mean the vision is subject to low subscription rates?!!? - Scott > Stone, on MMORPGs > > > ------------------------------------------------------------------------ > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus -- Best Regards, Paul Davis Research Engineer Tenable Network Security Inc Phone: 410.872.0555 www.tenablesecurity.com Is your network TENABLE? _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
