From 78b70a215233846bb1590b2c9fa436372e8cdf18 Mon Sep 17 00:00:00 2001

From: Gabriel Becker <ggasparb@redhat.com>

Date: Mon, 5 Oct 2020 13:34:22 +0200

Subject: [PATCH] Fix regex in aide rules to consider first letter as

 uppercase.

---

 .../aide/aide_use_fips_hashes/bash/shared.sh                  | 2 +-

 .../aide/aide_use_fips_hashes/oval/shared.xml                 | 4 ++--

 .../aide/aide_use_fips_hashes/tests/correct_value.pass.sh     | 1 +

 .../aide/aide_use_fips_hashes/tests/wrong_value.fail.sh       | 2 ++

 .../software-integrity/aide/aide_verify_acls/bash/shared.sh   | 2 +-

 .../software-integrity/aide/aide_verify_acls/oval/shared.xml  | 2 +-

 .../aide/aide_verify_acls/tests/correct_value.pass.sh         | 1 +

 .../aide/aide_verify_acls/tests/wrong_value.fail.sh           | 1 +

 .../aide/aide_verify_ext_attributes/bash/shared.sh            | 2 +-

 .../aide/aide_verify_ext_attributes/oval/shared.xml           | 2 +-

 .../aide_verify_ext_attributes/tests/correct_value.pass.sh    | 1 +

 .../aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh | 1 +

 12 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh

index f957996ecd..3e829abf72 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh

@@ -5,7 +5,7 @@

 aide_conf="/etc/aide.conf"

 forbidden_hashes=(sha1 rmd160 sha256 whirlpool tiger haval gost crc32)

-groups=$(LC_ALL=C grep "^[A-Za-z]\+" $aide_conf | cut -f1 -d ' ' | tr -d ' ' | sort -u)

+groups=$(LC_ALL=C grep "^[A-Z][A-Za-z_]*" $aide_conf | cut -f1 -d ' ' | tr -d ' ' | sort -u)

 for group in $groups

 do

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/oval/shared.xml

index 8bd7901266..e800ba49bd 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/oval/shared.xml

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/oval/shared.xml

@@ -18,7 +18,7 @@

   version="1">

     <ind:filepath>/etc/aide.conf</ind:filepath>

-    <ind:pattern operation="pattern match">^[a-zA-Z]*[\s]*=[\s]*.*(sha1|rmd160|sha256|whirlpool|tiger|haval|gost|crc32).*$</ind:pattern>

+    <ind:pattern operation="pattern match">^[A-Z][a-zA-Z_]*[\s]*=[\s]*.*(sha1|rmd160|sha256|whirlpool|tiger|haval|gost|crc32).*$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">0</ind:instance>

   </ind:textfilecontent54_object>

@@ -31,7 +31,7 @@

   version="1">

     <ind:filepath>/etc/aide.conf</ind:filepath>

-    <ind:pattern operation="pattern match">^[a-zA-Z]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>

+    <ind:pattern operation="pattern match">^[A-Z][A-Za-z_]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>

   <ind:textfilecontent54_state id="state_aide_use_fips_hashes" version="1">

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh

index fb305ce441..c40ce01f7e 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh

@@ -5,6 +5,7 @@ yum install -y aide

 cat >/etc/aide.conf <

 All = p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux

+option = yes

 /bin All # apply the custom rule to the files in bin 

 /sbin All # apply the same custom rule to the files in sbin 

 EOL

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh

index 19516ef3b3..f8ae79ce8a 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh

@@ -5,6 +5,8 @@ yum install -y aide

 cat >/etc/aide.conf <

 All = p+i+n+u+g+s+m+S+acl+xattrs+selinux

+option = yes

+Group = selinux

 /bin All # apply the custom rule to the files in bin 

 /sbin All # apply the same custom rule to the files in sbin 

 EOL

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh

index 31190a28de..1de7a6f893 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh

@@ -4,7 +4,7 @@

 aide_conf="/etc/aide.conf"

-groups=$(LC_ALL=C grep "^[A-Za-z]\+" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)

+groups=$(LC_ALL=C grep "^[A-Z][A-Za-z_]*" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)

 for group in $groups

 do

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml

index 5b7368a7f7..b9b45d28a2 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml

@@ -16,7 +16,7 @@

   version="2">

     <ind:filepath>/etc/aide.conf</ind:filepath>

-    <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[a-zA-Z]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>

+    <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[A-Z][a-zA-Z_]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh

index fb305ce441..c40ce01f7e 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh

@@ -5,6 +5,7 @@ yum install -y aide

 cat >/etc/aide.conf <

 All = p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux

+option = yes

 /bin All # apply the custom rule to the files in bin 

 /sbin All # apply the same custom rule to the files in sbin 

 EOL

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh

index 651f7a631a..e6f18ff5b8 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh

@@ -5,6 +5,7 @@ yum install -y aide

 cat >/etc/aide.conf <

 All = p+i+n+u+g+s+m+S+sha512+xattrs+selinux

+option = yes

 /bin All # apply the custom rule to the files in bin 

 /sbin All # apply the same custom rule to the files in sbin 

 EOL

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh

index a25ff2423e..1bce723a70 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh

@@ -4,7 +4,7 @@

 aide_conf="/etc/aide.conf"

-groups=$(LC_ALL=C grep "^[A-Za-z]\+" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)

+groups=$(LC_ALL=C grep "^[A-Z][A-Za-z_]*" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)

 for group in $groups

 do

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml

index 8b64dddf9f..5ea93bb32a 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml

@@ -16,7 +16,7 @@

   version="2">

     <ind:filepath>/etc/aide.conf</ind:filepath>

-    <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[a-zA-Z]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>

+    <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[A-Z][a-zA-Z_]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh

index fb305ce441..c40ce01f7e 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh

@@ -5,6 +5,7 @@ yum install -y aide

 cat >/etc/aide.conf <

 All = p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux

+option = yes

 /bin All # apply the custom rule to the files in bin 

 /sbin All # apply the same custom rule to the files in sbin 

 EOL

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh

index 970bd91536..9507131248 100644

--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh

+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh

@@ -5,6 +5,7 @@ yum install -y aide

 cat >/etc/aide.conf <

 All = p+i+n+u+g+s+m+S+sha512+acl+selinux

+option = yes

 /bin All # apply the custom rule to the files in bin 

 /sbin All # apply the same custom rule to the files in sbin 

 EOL