Is this object being used in a test that does a comparison on the numerical value? The parentheses around the \d+ in the previous version suggests that it is. Since the new parentheses create a second subexpression, that could interfere with the evaluation of the intended subexpression. There are a few ways around this, but unless the value of hard|- is needed somewhere, the cleanest way would be to make that a non-capturing group.
Shane Shaffer G2, Inc. [email protected] On Mon, Sep 30, 2013 at 1:14 PM, Shawn Wells <[email protected]> wrote: > On 9/30/13 1:09 PM, Frank Caviggia wrote: > >> From: Frank Caviggia<[email protected].**redhat.com<[email protected]> >> > >> >> Signed-off-by: Frank >> Caviggia<[email protected].**redhat.com<[email protected]> >> > >> --- >> RHEL6/input/checks/accounts_**max_concurrent_login_sessions.**xml | 2 >> +- >> RHEL6/input/checks/disable_**users_coredumps.xml | 2 +- >> 2 files changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/RHEL6/input/checks/accounts_**max_concurrent_login_sessions. >> **xml b/RHEL6/input/checks/accounts_**max_concurrent_login_sessions.**xml >> index cb2e859..a3658ff 100644 >> --- a/RHEL6/input/checks/accounts_**max_concurrent_login_sessions.**xml >> +++ b/RHEL6/input/checks/accounts_**max_concurrent_login_sessions.**xml >> @@ -21,7 +21,7 @@ >> <ind:textfilecontent54_object >> id="object_etc_security_**limits_conf_maxlogins" >> version="1"> >> <ind:filepath>/etc/security/**limits.conf</ind:filepath> >> - <ind:pattern operation="pattern match">^[\s]*\*[\s]+hard[\s]+** >> maxlogins[\s]+(\d+)\s*$</ind:**pattern> >> + <ind:pattern operation="pattern match">^[\s]*\*[\s]+(hard|-)[\** >> s]+maxlogins[\s]+(\d+)\s*$</**ind:pattern> >> <ind:instance datatype="int">1</ind:**instance> >> </ind:textfilecontent54_**object> >> diff --git a/RHEL6/input/checks/disable_**users_coredumps.xml >> b/RHEL6/input/checks/disable_**users_coredumps.xml >> index d8491cd..ad217a7 100644 >> --- a/RHEL6/input/checks/disable_**users_coredumps.xml >> +++ b/RHEL6/input/checks/disable_**users_coredumps.xml >> @@ -14,7 +14,7 @@ >> </criteria> >> </definition> >> <ind:textfilecontent54_test check="all" >> - comment="Tests the value of the ^[\s]*\*[\s]+hard[\s]+core[\s]**+([\d]+) >> setting in the /etc/security/limits.conf file" >> + comment="Tests the value of the >> ^[\s]*\*[\s]+(hard|-)[\s]+**core[\s]+([\d]+) >> setting in the /etc/security/limits.conf file" >> id="test_core_dumps_**limitsconf" version="1"> >> <ind:object object_ref="object_core_dumps_**limitsconf" /> >> <ind:state state_ref="state_core_dumps_**limitsconf" /> >> -- 1.8.3.1 >> > > Ack! Tested locally w/testcheck -- good call w/ensuring we support both > methods! > > > > ______________________________**_________________ > scap-security-guide mailing list > scap-security-guide@lists.**fedorahosted.org<[email protected]> > https://lists.fedorahosted.**org/mailman/listinfo/scap-**security-guide<https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide> >
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
