[Open-scap] Library debugging and "OpenSCAP Error: Unable to receive a message from probe"
Tomas Heinrich
theinric at redhat.com
Mon Apr 15 17:38:35 UTC 2013
On 04/15/2013 05:12 PM, Daniel Kopecek wrote:
> However, it looks like there's also a bug in the content, which is
> rather old (F-14)
> and I don't know how much it was tested. The textfilecontent54 probe
> doesn't
> like something about the regexp it received with the object. CCing the
> author
> of the probe, he should be able to explain the problem in more detail.
The problem is indeed in the regexp:
$ grep -P "alias[:space:]net\-pf\-31[:space:]off" /etc/motd
grep: POSIX named classes are supported only within a class
Syntactically correct form would be:
"alias[[:space:]]net\-pf\-31[[:space:]]off"
> Here's the
> message from the probe's debug log:
>
> (19887:7f8064919700) [I:probes/probe-api.c:921:probe_msg_creatf]
> pcre_compile() 'alias[:space:]net\-pf\-31[:space:]off' POSIX named
> classes are supported only within a class.
>
> The input object was:
> ------
> ("seap.msg" ":id" 74 (("textfilecontent54_object" ":id"
> "oval:org.open-scap.f14:obj:2020151" ":oval_version" 84213760 ) (("path"
> ":operation" 5 ":var_check" 1 ) "/etc/modprobe.d" ) (("filename"
> ":operation" 11 ":var_check" 1 ) ".*\.conf" ) (("pattern" ":operation"
> 11 ":var_check" 1 ) "alias[:space:]net\-pf\-31[:space:]off" )
> (("instance" ":operation" 5 ":var_check" 1 ) 1 ) ) )
> -----------
Tomas
More information about the Open-scap-list
mailing list