|
|
79aef7 |
From 0a88755485a67e1e29c62196cc506763594f2154 Mon Sep 17 00:00:00 2001
|
|
|
79aef7 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
79aef7 |
Date: Thu, 1 Feb 2018 08:36:18 +0100
|
|
|
79aef7 |
Subject: [PATCH 1/2] Do not fail aide_scan_notification with other email
|
|
|
79aef7 |
adresses
|
|
|
79aef7 |
|
|
|
79aef7 |
The rule aide_scan_notification says that AIDE should notify appropriate
|
|
|
79aef7 |
personnell of the detials of an AIDE scan. The check currently requires
|
|
|
79aef7 |
that the email address of the appropriate personell starts with 'root@'.
|
|
|
79aef7 |
In practice, the email address could be any email address. The check
|
|
|
79aef7 |
should match any email address.
|
|
|
79aef7 |
Fixes RHBZ#1540505
|
|
|
79aef7 |
---
|
|
|
79aef7 |
shared/checks/oval/aide_scan_notification.xml | 6 +++---
|
|
|
79aef7 |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
79aef7 |
|
|
|
79aef7 |
diff --git a/shared/checks/oval/aide_scan_notification.xml b/shared/checks/oval/aide_scan_notification.xml
|
|
|
79aef7 |
index 3293efb084..3aba02d144 100644
|
|
|
79aef7 |
--- a/shared/checks/oval/aide_scan_notification.xml
|
|
|
79aef7 |
+++ b/shared/checks/oval/aide_scan_notification.xml
|
|
|
79aef7 |
@@ -23,7 +23,7 @@
|
|
|
79aef7 |
</ind:textfilecontent54_test>
|
|
|
79aef7 |
<ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_test_aide_scan_notification" version="1">
|
|
|
79aef7 |
<ind:filepath>/etc/crontab</ind:filepath>
|
|
|
79aef7 |
- <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*root@.*$</ind:pattern>
|
|
|
79aef7 |
+ <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>
|
|
|
79aef7 |
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
|
79aef7 |
</ind:textfilecontent54_object>
|
|
|
79aef7 |
|
|
|
79aef7 |
@@ -32,7 +32,7 @@
|
|
|
79aef7 |
</ind:textfilecontent54_test>
|
|
|
79aef7 |
<ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_aide_var_cron_notification" version="1">
|
|
|
79aef7 |
<ind:filepath>/var/spool/cron/root</ind:filepath>
|
|
|
79aef7 |
- <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*root@.*$</ind:pattern>
|
|
|
79aef7 |
+ <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>
|
|
|
79aef7 |
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
|
79aef7 |
</ind:textfilecontent54_object>
|
|
|
79aef7 |
|
|
|
79aef7 |
@@ -42,7 +42,7 @@
|
|
|
79aef7 |
<ind:textfilecontent54_object comment="notify personnel when aide completes in cron.(d|daily|weekly|monthly)" id="object_aide_crontabs_notification" version="1">
|
|
|
79aef7 |
<ind:path operation="pattern match">/etc/cron.(d|daily|weekly|monthly)</ind:path>
|
|
|
79aef7 |
<ind:filename operation="pattern match">^.*$</ind:filename>
|
|
|
79aef7 |
- <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*root@.*$</ind:pattern>
|
|
|
79aef7 |
+ <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>
|
|
|
79aef7 |
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
|
79aef7 |
</ind:textfilecontent54_object>
|
|
|
79aef7 |
|
|
|
79aef7 |
|
|
|
79aef7 |
From 381ca3e54eb2e79c18f613a0d95e187e5e622005 Mon Sep 17 00:00:00 2001
|
|
|
79aef7 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
79aef7 |
Date: Mon, 5 Feb 2018 09:58:23 +0100
|
|
|
79aef7 |
Subject: [PATCH 2/2] Match at least 1 character in email address
|
|
|
79aef7 |
|
|
|
79aef7 |
---
|
|
|
79aef7 |
shared/checks/oval/aide_scan_notification.xml | 6 +++---
|
|
|
79aef7 |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
79aef7 |
|
|
|
79aef7 |
diff --git a/shared/checks/oval/aide_scan_notification.xml b/shared/checks/oval/aide_scan_notification.xml
|
|
|
79aef7 |
index 3aba02d144..b9f8e78929 100644
|
|
|
79aef7 |
--- a/shared/checks/oval/aide_scan_notification.xml
|
|
|
79aef7 |
+++ b/shared/checks/oval/aide_scan_notification.xml
|
|
|
79aef7 |
@@ -23,7 +23,7 @@
|
|
|
79aef7 |
</ind:textfilecontent54_test>
|
|
|
79aef7 |
<ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_test_aide_scan_notification" version="1">
|
|
|
79aef7 |
<ind:filepath>/etc/crontab</ind:filepath>
|
|
|
79aef7 |
- <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>
|
|
|
79aef7 |
+ <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
|
|
|
79aef7 |
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
|
79aef7 |
</ind:textfilecontent54_object>
|
|
|
79aef7 |
|
|
|
79aef7 |
@@ -32,7 +32,7 @@
|
|
|
79aef7 |
</ind:textfilecontent54_test>
|
|
|
79aef7 |
<ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_aide_var_cron_notification" version="1">
|
|
|
79aef7 |
<ind:filepath>/var/spool/cron/root</ind:filepath>
|
|
|
79aef7 |
- <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>
|
|
|
79aef7 |
+ <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
|
|
|
79aef7 |
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
|
79aef7 |
</ind:textfilecontent54_object>
|
|
|
79aef7 |
|
|
|
79aef7 |
@@ -42,7 +42,7 @@
|
|
|
79aef7 |
<ind:textfilecontent54_object comment="notify personnel when aide completes in cron.(d|daily|weekly|monthly)" id="object_aide_crontabs_notification" version="1">
|
|
|
79aef7 |
<ind:path operation="pattern match">/etc/cron.(d|daily|weekly|monthly)</ind:path>
|
|
|
79aef7 |
<ind:filename operation="pattern match">^.*$</ind:filename>
|
|
|
79aef7 |
- <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>
|
|
|
79aef7 |
+ <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
|
|
|
79aef7 |
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
|
79aef7 |
</ind:textfilecontent54_object>
|
|
|
79aef7 |
|