<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hey Guys,<br>
<br>
SSG received a bug report (below) where a particular rule passes
in OpenSCAP but fails in another tool (SPAWAR's SCC). The error lies
within SSGs regex and subexpressions. <br>
<br>
What's interesting is the pass in OpenSCAP vs fail in another
tool. Should OpenSCAP's regex interpretation by tightened up? I'm
reading through the OVAL MatchPattern and regex support pages, seems
odd two tools would get different results.<br>
<br>
[1]
<a class="moz-txt-link-freetext" href="http://oval.sourceforge.net/api/net/sf/oval/constraint/MatchPattern.html">http://oval.sourceforge.net/api/net/sf/oval/constraint/MatchPattern.html</a><br>
[2] <a class="moz-txt-link-freetext" href="http://oval.mitre.org/language/about/re_support_5.6.html">http://oval.mitre.org/language/about/re_support_5.6.html</a><br>
<div class="moz-forward-container"><br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>SSG 0.1-14-14 - max_concurrent_login_sessions</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Fri, 14 Feb 2014 11:19:40 -0800 (PST)</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>ssg fthfth <a class="moz-txt-link-rfc2396E" href="mailto:ssgtesting1@yahoo.com"><ssgtesting1@yahoo.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Reply-To:
</th>
<td><a class="moz-txt-link-abbreviated" href="mailto:scap-security-guide@lists.fedorahosted.org">scap-security-guide@lists.fedorahosted.org</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:scap-security-guide@lists.fedorahosted.org">scap-security-guide@lists.fedorahosted.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:scap-security-guide@lists.fedorahosted.org"><scap-security-guide@lists.fedorahosted.org></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>For SSGID Limit the Number of Concurrent Login Sessions Allowed Per User - (CCE-27457-1) with the stig-rhel6-server profile selected from the SCAP stream, when run with SCC 3.1.1.1, may produce an error on a RHEL6V1R2 complaint machine.
See the following report output:
Test ID: oval:ssg:tst:573
Result: error
Title: the value maxlogins should be set appropriately in /etc/security/limits.conf
Check Existence: One or more collected items must exist.
Check: All collected items must match the given state(s).
State Operator: All item-state comparisons must be true.
Object ID: oval:ssg:obj:1628
Object Requirements:
filepath must be equal to '/etc/security/limits.conf'
pattern must match the pattern '^[\s]*\*[\s]+(hard|-)[\s]+maxlogins[\s]+(\d+)\s*$'
instance must be equal to '1'
State ID: oval:ssg:ste:1629
State Requirements:
subexpression must be less than or equal to '10'
Collected Item Properties:
filepath equals '/etc/security/limits.conf'
path equals '/etc/security'
filename equals 'limits.conf'
pattern equals '^[\s]*\*[\s]+(hard|-)[\s]+maxlogins[\s]+(\d+)\s*$'
instance equals '1'
text equals '* hard maxlogins 10 '
subexpression equals 'hard'
subexpression equals '10'
Additional Information: Collected items did not meet the check requirement.
_______________________________________________
scap-security-guide mailing list
<a class="moz-txt-link-abbreviated" href="mailto:scap-security-guide@lists.fedorahosted.org">scap-security-guide@lists.fedorahosted.org</a>
<a class="moz-txt-link-freetext" href="https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide">https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide</a>
</pre>
<br>
</div>
<br>
</body>
</html>