Thanks Martin. Indeed. I posted that on stackoverflow and got a good reponse.
^global\b(?:(?:(?:#|[ \t]+)[^\n]*|)\n)*?\s+(timeout\s+http-request\s+5000)\s*$ Phew! I know regex pretty well but I am sure I could not have come up with this. I think to be a regex expert as well, you need to abide by The 10,000 Hour Rule. I will keep sharing these regexes that I am writing. The next one on haproxy configuration is checking that EACH backend configuration has "cookie JSESSIONID prefix" configured. This would require first counting all backends and then counting all backends with that line and then doing a test. Thanks and regards, Pravin Goyal ________________________________________ From: Martin Preisler <[email protected]> Sent: Monday, May 2, 2016 7:09 PM To: Pravin Goyal Cc: [email protected] Subject: Re: [Open-scap] How to do prose based assessment in OVAL ----- Original Message ----- > From: "Pravin Goyal" <[email protected]> > To: [email protected] > Sent: Friday, April 29, 2016 1:30:41 AM > Subject: [Open-scap] How to do prose based assessment in OVAL > > > > Hi All, > > Need help. > > > > > I am attempting to write OVAL rules for haproxy. Most of the haproxy > configuration files are prose based. A sample file is as below: > > > > > > global > log 127.0.0.1 local0 > log 127.0.0.1 local1 notice > #log loghost local0 info > maxconn 32768 > tune. maxaccept -1 > chroot /var/lib/ haproxy > daemon > stats socket /var/run/ haproxy .sock mode 600 level admin > stats timeout 2m > > defaults > log global > mode http > option httplog > option dontlognull > retries 5 > option redispatch > maxconn 16384 > timeout connect 7s > timeout client 500s > timeout server 500s > timeout client-fin 30s > timeout tunnel 1h > > > Now suppose, I want to look for parameter ' maxconn ' in the defaults prose, > how do I check that? AFAIK the best way to do this is with multi-line regexes. -- Martin Preisler Identity Management and Platform Security | Red Hat, Inc. _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
