From 78b70a215233846bb1590b2c9fa436372e8cdf18 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Mon, 5 Oct 2020 13:34:22 +0200
Subject: [PATCH] Fix regex in aide rules to consider first letter as
 uppercase.

---
 .../aide/aide_use_fips_hashes/bash/shared.sh                  | 2 +-
 .../aide/aide_use_fips_hashes/oval/shared.xml                 | 4 ++--
 .../aide/aide_use_fips_hashes/tests/correct_value.pass.sh     | 1 +
 .../aide/aide_use_fips_hashes/tests/wrong_value.fail.sh       | 2 ++
 .../software-integrity/aide/aide_verify_acls/bash/shared.sh   | 2 +-
 .../software-integrity/aide/aide_verify_acls/oval/shared.xml  | 2 +-
 .../aide/aide_verify_acls/tests/correct_value.pass.sh         | 1 +
 .../aide/aide_verify_acls/tests/wrong_value.fail.sh           | 1 +
 .../aide/aide_verify_ext_attributes/bash/shared.sh            | 2 +-
 .../aide/aide_verify_ext_attributes/oval/shared.xml           | 2 +-
 .../aide_verify_ext_attributes/tests/correct_value.pass.sh    | 1 +
 .../aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh | 1 +
 12 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
index f957996ecd..3e829abf72 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
@@ -5,7 +5,7 @@
 aide_conf="/etc/aide.conf"
 forbidden_hashes=(sha1 rmd160 sha256 whirlpool tiger haval gost crc32)
 
-groups=$(LC_ALL=C grep "^[A-Za-z]\+" $aide_conf | cut -f1 -d ' ' | tr -d ' ' | sort -u)
+groups=$(LC_ALL=C grep "^[A-Z][A-Za-z_]*" $aide_conf | cut -f1 -d ' ' | tr -d ' ' | sort -u)
 
 for group in $groups
 do
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/oval/shared.xml
index 8bd7901266..e800ba49bd 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/oval/shared.xml
@@ -18,7 +18,7 @@
   <ind:textfilecontent54_object id="object_aide_non_fips_hashes"
   version="1">
     <ind:filepath>/etc/aide.conf</ind:filepath>
-    <ind:pattern operation="pattern match">^[a-zA-Z]*[\s]*=[\s]*.*(sha1|rmd160|sha256|whirlpool|tiger|haval|gost|crc32).*$</ind:pattern>
+    <ind:pattern operation="pattern match">^[A-Z][a-zA-Z_]*[\s]*=[\s]*.*(sha1|rmd160|sha256|whirlpool|tiger|haval|gost|crc32).*$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">0</ind:instance>
   </ind:textfilecontent54_object>
 
@@ -31,7 +31,7 @@
   <ind:textfilecontent54_object id="object_aide_use_fips_hashes"
   version="1">
     <ind:filepath>/etc/aide.conf</ind:filepath>
-    <ind:pattern operation="pattern match">^[a-zA-Z]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>
+    <ind:pattern operation="pattern match">^[A-Z][A-Za-z_]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_state id="state_aide_use_fips_hashes" version="1">
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
index fb305ce441..c40ce01f7e 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
@@ -5,6 +5,7 @@ yum install -y aide
 
 cat >/etc/aide.conf <<EOL
 All = p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+option = yes
 /bin All # apply the custom rule to the files in bin 
 /sbin All # apply the same custom rule to the files in sbin 
 EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh
index 19516ef3b3..f8ae79ce8a 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh
@@ -5,6 +5,8 @@ yum install -y aide
 
 cat >/etc/aide.conf <<EOL
 All = p+i+n+u+g+s+m+S+acl+xattrs+selinux
+option = yes
+Group = selinux
 /bin All # apply the custom rule to the files in bin 
 /sbin All # apply the same custom rule to the files in sbin 
 EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh
index 31190a28de..1de7a6f893 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh
@@ -4,7 +4,7 @@
 
 aide_conf="/etc/aide.conf"
 
-groups=$(LC_ALL=C grep "^[A-Za-z]\+" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)
+groups=$(LC_ALL=C grep "^[A-Z][A-Za-z_]*" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)
 
 for group in $groups
 do
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml
index 5b7368a7f7..b9b45d28a2 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/oval/shared.xml
@@ -16,7 +16,7 @@
   <ind:textfilecontent54_object id="object_aide_verify_acls"
   version="2">
     <ind:filepath>/etc/aide.conf</ind:filepath>
-    <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[a-zA-Z]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>
+    <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[A-Z][a-zA-Z_]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh
index fb305ce441..c40ce01f7e 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh
@@ -5,6 +5,7 @@ yum install -y aide
 
 cat >/etc/aide.conf <<EOL
 All = p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+option = yes
 /bin All # apply the custom rule to the files in bin 
 /sbin All # apply the same custom rule to the files in sbin 
 EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh
index 651f7a631a..e6f18ff5b8 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh
@@ -5,6 +5,7 @@ yum install -y aide
 
 cat >/etc/aide.conf <<EOL
 All = p+i+n+u+g+s+m+S+sha512+xattrs+selinux
+option = yes
 /bin All # apply the custom rule to the files in bin 
 /sbin All # apply the same custom rule to the files in sbin 
 EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh
index a25ff2423e..1bce723a70 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh
@@ -4,7 +4,7 @@
 
 aide_conf="/etc/aide.conf"
 
-groups=$(LC_ALL=C grep "^[A-Za-z]\+" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)
+groups=$(LC_ALL=C grep "^[A-Z][A-Za-z_]*" $aide_conf | grep -v "^ALLXTRAHASHES" | cut -f1 -d '=' | tr -d ' ' | sort -u)
 
 for group in $groups
 do
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml
index 8b64dddf9f..5ea93bb32a 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/oval/shared.xml
@@ -16,7 +16,7 @@
   <ind:textfilecontent54_object id="object_aide_verify_ext_attributes"
   version="2">
     <ind:filepath>/etc/aide.conf</ind:filepath>
-    <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[a-zA-Z]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>
+    <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[A-Z][a-zA-Z_]*[\s]*=[\s]*([a-zA-Z0-9\+]*)$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh
index fb305ce441..c40ce01f7e 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh
@@ -5,6 +5,7 @@ yum install -y aide
 
 cat >/etc/aide.conf <<EOL
 All = p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+option = yes
 /bin All # apply the custom rule to the files in bin 
 /sbin All # apply the same custom rule to the files in sbin 
 EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh
index 970bd91536..9507131248 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh
@@ -5,6 +5,7 @@ yum install -y aide
 
 cat >/etc/aide.conf <<EOL
 All = p+i+n+u+g+s+m+S+sha512+acl+selinux
+option = yes
 /bin All # apply the custom rule to the files in bin 
 /sbin All # apply the same custom rule to the files in sbin 
 EOL