Glad to help!

Doug Nordwall wrote:
> paul's regex actually worked pretty well. thanks!
> 
> On Wed, Jun 4, 2008 at 12:57 PM, Ron Gula <[EMAIL PROTECTED]> wrote:
> 
>     Doug Nordwall wrote:
>      > lets take CIS check 5.1 - printers. the relevant part is:
>      > file : "/etc/syslog.conf"
>      > regex : "^ *[^#]*authpriv.*"
>      > expect : "authpriv.*/var/log/secure"
>      >
>      > when trying this manually I see...
>      >
>      > # grep "^ *[^#]*authpriv.*" /etc/syslog.conf
>      > *.info;cron.none;authpriv.none;local7.none /var/log/messages
>      > authpriv.* /var/log/secure
>      > authpriv.* @logginghost
>      >
>      > does FILE_CONTENT_CHECK handle multiple expects? if not, how might you
>      > handle a case like this?
>      >
> 
>     If you want to be more restrictive and look for
>     "authpriv.* /var/log/secure" you can do something like this:
> 
>     <custom_item>
>             #System          : "Linux"
>             type             : FILE_CONTENT_CHECK
>             description      : "5.1 Capture Messages Sent To Syslog AUTHPRIV Facility - should pass if 'authpriv' is set to '/var/log/secure'."
>             file             : "/etc/syslog.conf"
>             regex            : "^authpriv.*/var/log/secure"
>             expect           : "authpriv.*/var/log/secure"
>     </custom_item>
> 
>     The purpose of the regex/expect is so you can have the flexibility
>     to look for other "variable setting" combinations that might be
>     invalid.
> 
>     Ron Gula
>     Tenable Network Security
> 
>     _______________________________________________
>     Nessus mailing list
>     [email protected] <mailto:[email protected]>
>     http://mail.nessus.org/mailman/listinfo/nessus
> 
> -- 
> Doug Nordwall
> Unix, Network, and Security Administrator
> You mean the vision is subject to low subscription rates?!!? - Scott 
> Stone, on MMORPGs

-- 
Best Regards,

Paul Davis
Research Engineer
Tenable Network Security Inc
Phone: 410.872.0555
www.tenablesecurity.com

Is your network TENABLE?
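
An added illustration, not part of the original thread and not Tenable's code: a Python model of the regex/expect pairing discussed above, run over a constructed syslog.conf built from the lines in Doug's grep output. It assumes every line selected by `regex` must also match `expect` and that selecting no line is a failure; `file_content_check` and `report` are hypothetical helpers, and Python's `re` stands in for the scanner's regex engine.

```python
import re

# Constructed sample: the three lines from Doug's grep output plus a
# commented-out entry, to show which lines each regex selects.
SYSLOG_CONF = """\
#authpriv.* /var/log/secure.old
*.info;cron.none;authpriv.none;local7.none /var/log/messages
authpriv.* /var/log/secure
authpriv.* @logginghost
"""

CIS_REGEX = r"^ *[^#]*authpriv.*"            # regex from the CIS 5.1 item
RON_REGEX = r"^authpriv.*/var/log/secure"    # tighter regex from Ron's item
EXPECT = r"authpriv.*/var/log/secure"        # expect, same in both items


def file_content_check(text, regex, expect):
    """Hypothetical model of a regex/expect check (an assumption, not
    Nessus code): regex selects lines, and every selected line must match
    expect. No selected line at all is treated as a failure.
    Returns (passed, selected_lines, offending_lines)."""
    selected = [ln for ln in text.splitlines() if re.search(regex, ln)]
    offending = [ln for ln in selected if not re.search(expect, ln)]
    return bool(selected) and not offending, selected, offending


def report(name, regex):
    """Print a one-line verdict plus any offending lines; return the verdict."""
    passed, selected, offending = file_content_check(SYSLOG_CONF, regex, EXPECT)
    print(f"{name}: {'PASS' if passed else 'FAIL'} "
          f"({len(selected)} selected, {len(offending)} not matching expect)")
    for ln in offending:
        print(f"    offending: {ln}")
    return passed


if __name__ == "__main__":
    report("CIS regex", CIS_REGEX)
    report("Ron's regex", RON_REGEX)
```

Under this model the broad regex also selects the `authpriv.none` and `@logginghost` lines, which do not match the expect, while the tighter regex selects only the `/var/log/secure` line.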