I noticed that the regex in ldap_client_pam_ldap_present was too limited. It 
should look for lines with pam_ldap.so in them, not just lines that end with 
it. Also, the period was not escaped.

I also went ahead and switched the pam_ldap.conf checks to use filepath instead 
of path and filename, since that seems to be the standard going forward.

Maura Dailey (2):
  Check was expecting pam_ldap.so to exist at least once with no
    options at the end of the line. It's better to see if it exists in
    the middle of a line. Also, fixed an unescaped period.
  Tested both checks and switched to using filepath instead of separate
    file and path tags.

 .../input/checks/ldap_client_pam_ldap_present.xml  |   13 ++++-----
 RHEL6/input/checks/ldap_client_start_tls.xml       |   14 ++++-------
 RHEL6/input/checks/ldap_client_tls_cacertpath.xml  |   26 +++++++------------
 3 files changed, 21 insertions(+), 32 deletions(-)

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
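
An added example, not part of the original message or the project's checks: the two regex problems described above (matching only at end of line, and the unescaped period), shown in Python on constructed PAM lines. Both patterns are assumed stand-ins, since the actual OVAL patterns are not shown in this message, and the comment-skipping in `FIXED` is an extra assumption.

```python
import re

# Constructed PAM lines for illustration (not taken from the original message).
SAMPLE_LINES = [
    "auth     sufficient  pam_ldap.so",                 # 0: bare module
    "auth     sufficient  pam_ldap.so use_first_pass",  # 1: module with options
    "account  [default=bad success=ok] pam_ldap.so",    # 2: bracketed control
    "# auth   sufficient  pam_ldap.so use_first_pass",  # 3: commented out
    "auth     sufficient  pam_ldapXso",                 # 4: not the module
    "auth     required    pam_unix.so nullok",          # 5: different module
]
LOADS_PAM_LDAP = [0, 1, 2]  # constructed ground truth: lines that load the module

# Assumed stand-in for the limited check: the module name must end the line,
# and the unescaped "." accepts any character in that position.
LIMITED = re.compile(r"^.*pam_ldap.so$")
# Assumed stand-in for the corrected check: literal period, options may follow.
# Skipping "#" comment lines is an extra assumption, not stated in the message.
FIXED = re.compile(r"^[^#]*\bpam_ldap\.so(?=\s|$)")


def matching_lines(pattern, lines):
    """Return the indices of the lines the pattern accepts."""
    return [i for i, line in enumerate(lines) if pattern.search(line)]


def compare(pattern, lines, expected):
    """Return (missed, spurious) line indices relative to the expected set."""
    got = set(matching_lines(pattern, lines))
    return sorted(set(expected) - got), sorted(got - set(expected))


def present(pattern, lines):
    """'At least one matching line exists', the shape of the check's result."""
    return bool(matching_lines(pattern, lines))


if __name__ == "__main__":
    for name, pat in (("limited", LIMITED), ("fixed", FIXED)):
        missed, spurious = compare(pat, SAMPLE_LINES, LOADS_PAM_LDAP)
        print(f"{name}: missed={missed} spurious={spurious}")
    # A file whose only pam_ldap.so line carries options flips the result.
    only_with_options = [SAMPLE_LINES[1]]
    print(present(LIMITED, only_with_options), present(FIXED, only_with_options))
```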
