That's good to know. I just cribbed off of the way the pam matching
patterns did it. For example:
<ind:pattern operation="pattern
match">^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so.*deny=([0-9]*).*$</ind:pattern>
On 5/19/14 3:53 PM, Andrew Gilmore wrote:
NACK on nit-picky RE issues...
I believe it is sufficient to only make the surrounding subpattern
non-matchable...
(?:hard|-)
instead of
(?:(?:hard)|(?:-))
I actually had success with no subpattern at all:
hard|-
but I'm not clear why.
Good catch though, I was about to put my patch for this one up. :)
On Mon, May 19, 2014 at 1:44 PM, Paul Tittle <[email protected]>wrote:
---
.../accounts_max_concurrent_login_sessions.xml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git
a/RHEL/6/input/checks/accounts_max_concurrent_login_sessions.xml
b/RHEL/6/input/checks/accounts_max_concurrent_login_sessions.xml
index b08faa5..868c58e 100644
--- a/RHEL/6/input/checks/accounts_max_concurrent_login_sessions.xml
+++ b/RHEL/6/input/checks/accounts_max_concurrent_login_sessions.xml
@@ -21,7 +21,7 @@
<ind:textfilecontent54_object
id="object_etc_security_limits_conf_maxlogins" version="1">
<ind:filepath>/etc/security/limits.conf</ind:filepath>
- <ind:pattern operation="pattern
match">^[\s]*\*[\s]+[hard|-][\s]+maxlogins[\s]+(\d+)\s*$</ind:pattern>
+ <ind:pattern operation="pattern
match">^[\s]*\*[\s]+(?:(?:hard)|(?:-))[\s]+maxlogins[\s]+(\d+)\s*$</ind:pattern>
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
--
1.7.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
