From 0a88755485a67e1e29c62196cc506763594f2154 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>

Date: Thu, 1 Feb 2018 08:36:18 +0100

Subject: [PATCH 1/2] Do not fail aide_scan_notification with other email

 adresses

The rule aide_scan_notification says that AIDE should notify appropriate

personnell of the detials of an AIDE scan. The check currently requires

that the email address of the appropriate personell starts with 'root@'.

In practice, the email address could be any email address. The check

should match any email address.

Fixes RHBZ#1540505

---

 shared/checks/oval/aide_scan_notification.xml | 6 +++---

 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/shared/checks/oval/aide_scan_notification.xml b/shared/checks/oval/aide_scan_notification.xml

index 3293efb084..3aba02d144 100644

--- a/shared/checks/oval/aide_scan_notification.xml

+++ b/shared/checks/oval/aide_scan_notification.xml

@@ -23,7 +23,7 @@

   </ind:textfilecontent54_test>

   <ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_test_aide_scan_notification" version="1">

     <ind:filepath>/etc/crontab</ind:filepath>

-    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*root@.*$</ind:pattern>

+    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>

@@ -32,7 +32,7 @@

   </ind:textfilecontent54_test>

   <ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_aide_var_cron_notification" version="1">

     <ind:filepath>/var/spool/cron/root</ind:filepath>

-    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*root@.*$</ind:pattern>

+    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>

@@ -42,7 +42,7 @@

   <ind:textfilecontent54_object comment="notify personnel when aide completes in cron.(d|daily|weekly|monthly)" id="object_aide_crontabs_notification" version="1">

     <ind:path operation="pattern match">/etc/cron.(d|daily|weekly|monthly)</ind:path>

     <ind:filename operation="pattern match">^.*$</ind:filename>

-    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*root@.*$</ind:pattern>

+    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>

From 381ca3e54eb2e79c18f613a0d95e187e5e622005 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>

Date: Mon, 5 Feb 2018 09:58:23 +0100

Subject: [PATCH 2/2] Match at least 1 character in email address

---

 shared/checks/oval/aide_scan_notification.xml | 6 +++---

 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/shared/checks/oval/aide_scan_notification.xml b/shared/checks/oval/aide_scan_notification.xml

index 3aba02d144..b9f8e78929 100644

--- a/shared/checks/oval/aide_scan_notification.xml

+++ b/shared/checks/oval/aide_scan_notification.xml

@@ -23,7 +23,7 @@

   </ind:textfilecontent54_test>

   <ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_test_aide_scan_notification" version="1">

     <ind:filepath>/etc/crontab</ind:filepath>

-    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>

+    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>

@@ -32,7 +32,7 @@

   </ind:textfilecontent54_test>

   <ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_aide_var_cron_notification" version="1">

     <ind:filepath>/var/spool/cron/root</ind:filepath>

-    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>

+    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>

@@ -42,7 +42,7 @@

   <ind:textfilecontent54_object comment="notify personnel when aide completes in cron.(d|daily|weekly|monthly)" id="object_aide_crontabs_notification" version="1">

     <ind:path operation="pattern match">/etc/cron.(d|daily|weekly|monthly)</ind:path>

     <ind:filename operation="pattern match">^.*$</ind:filename>

-    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.*@.*$</ind:pattern>

+    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>

     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>

   </ind:textfilecontent54_object>