Hi,
I'm working on creating a custom 'system_audit' check with 'rootcheck' and
need a way to either match on a regex pattern or to match on 'greater than'
or 'less than' operators.
*This works for anything not matching '60':*
$login_defs=/etc/login.defs;
[RHEL Password Complexity Configuration: Password Expiration is greater
than 60 days] [any] [1]
f:$login_defs -> r:^PASS_MAX_DAYS && !r:60;
*This regex does not work:*
$login_defs=/etc/login.defs;
[RHEL Password Complexity Configuration: Password Expiration is greater
than 60 days] [any] [1]
f:$login_defs -> r:^PASS_MAX_DAYS && r:(([6-9][1-9])|([0-9]{3,7}));
Any help would be appreciated.
Thanks,
Patrick
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
