<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Consolas;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.pl-en
{mso-style-name:pl-en;}
span.pl-k
{mso-style-name:pl-k;}
span.pl-c
{mso-style-name:pl-c;}
span.pl-c1
{mso-style-name:pl-c1;}
span.pl-smi
{mso-style-name:pl-smi;}
span.pl-s
{mso-style-name:pl-s;}
span.pl-pds
{mso-style-name:pl-pds;}
span.EmailStyle29
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"></span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We currently have RedHat 7.5 systems and are running oscap ver. 1.2.16.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We have AUTOFS remote shares that are getting scanned by the oscap tool. I see that you have an option to disable the remote scanning, but that doesn’t work. We have several hundred systems that try to scan the network shares at the same time, which is not a good thing, and the oscap runs never complete. It actually turns into a mini DoS attack.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’ve tried altering the profiles but that doesn’t make sense because we need the system to scan the local file systems.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This is what we have in our definitions:<o:p></o:p></p>
<p><span style="font-size:10.0pt;font-family:&quot;Calibri&quot;,sans-serif">&lt;behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local" /&gt;<o:p></o:p></span></p>
<p><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">The above line doesn’t work. It will still scan our NetApp NFS mounted shares.<o:p></o:p></span></p>
<p><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal">I looked through the code at [ <a href="https://github.com/OpenSCAP/openscap/blob/900295ef58d121b15533fcd8736d3950417134b0/src/OVAL/probes/fsdev.c">https://github.com/OpenSCAP/openscap/blob/900295ef58d121b15533fcd8736d3950417134b0/src/OVAL/probes/fsdev.c</a> ] and found this area for Linux systems:<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<pre>is_local_fs(struct mntent *ment)
{
// todo: would it be usefull to provide the choice during build-time?
#if 1
        char *s;

        s = ment-&gt;mnt_fsname;
        /* If the fsname begins with "//", it is probably CIFS. */
        if (s[0] == '/' &amp;&amp; s[1] == '/')
                return 0;

        /* If there's a ':' in the fsname and it occurs before any
         * '/', then this is probably NFS and the file system is
         * considered "remote".
         */
        s = strpbrk(s, "/:");
        if (s &amp;&amp; *s == ':')
                return 0;

        return 1;
#else</pre>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It seems like you are looking for a string to determine if it’s a remote file system. Can you guys simply use the “getmntent” system call and pull the information from the following? { char *mnt_type }<o:p></o:p></p>
<p class="MsoNormal"><br>
The <i>mntent</i> structure is defined in <i>&lt;mntent.h&gt;</i> as follows:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<pre>struct mntent {
    char *mnt_fsname;   /* name of mounted filesystem */
    char *mnt_dir;      /* filesystem path prefix */
    char *mnt_type;     /* mount type (see mntent.h) */
    char *mnt_opts;     /* mount options (see mntent.h) */
    int   mnt_freq;     /* dump frequency in days */
    int   mnt_passno;   /* pass number on parallel fsck */
};</pre>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m assuming that the mnt_type above would say nfs, cifs, etc.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">NOTE: I would keep the block of code you already have above since it works for some systems. I would simply add another search using the system call for those systems that the string search doesn’t catch.<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">If you have anything else I could try to prevent the oscap tool from scanning the NFS mounted shares “I’m all ears”.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks<span style="color:#1F497D">,</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Clarence<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
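<p class="MsoNormal">The check proposed in this message, as an added C example that is not part of the original message and is not OpenSCAP code: it applies the quoted mnt_fsname test and then a mnt_type test to a constructed mount table read with getmntent(). The remote_types list, the function names and the sample table are assumptions made for the example.</p>

```c
#define _GNU_SOURCE /* for fmemopen() */
#include <mntent.h>
#include <stdio.h>
#include <string.h>
/* Assumed list of network/automount types, not OpenSCAP's; extend per site. */
static const char *const remote_types[] = {
	"nfs", "nfs4", "cifs", "smb3", "smbfs", "autofs", "afs", "ceph", "9p",
};

/* The mnt_fsname heuristic quoted in the message: "//host/share", "host:/path". */
static int fsname_is_local(const struct mntent *m)
{
	const char *s = m->mnt_fsname;
	if (s[0] == '/' && s[1] == '/')
		return 0;
	s = strpbrk(s, "/:");
	return !(s && *s == ':');
}

/* The additional mnt_type check the message proposes. */
static int type_is_local(const struct mntent *m)
{
	for (size_t i = 0; i < sizeof remote_types / sizeof *remote_types; i++)
		if (strcmp(m->mnt_type, remote_types[i]) == 0)
			return 0;
	return 1;
}

/* Count local entries in mount-table text; use_type=0 applies fsname only. */
int count_local(const char *table, int use_type)
{
	FILE *fp = fmemopen((void *)table, strlen(table), "r");
	struct mntent *m;
	int n = 0;
	if (fp == NULL)
		return -1;
	while ((m = getmntent(fp)) != NULL)
		n += fsname_is_local(m) && (!use_type || type_is_local(m));
	fclose(fp);
	return n;
}

/* Constructed sample table, not taken from a real system. */
const char sample_mounts[] =
	"/dev/mapper/rhel-root / xfs rw 0 0\n"
	"auto.home /home autofs rw 0 0\n"
	"netapp01:/vol/home /home/alice nfs rw 0 0\n"
	"//filer01/share /mnt/share cifs rw 0 0\n"
	"tmpfs /run tmpfs rw 0 0\n";
int main(void)
{
	printf("fsname only: %d local, fsname+type: %d local\n",
	       count_local(sample_mounts, 0), count_local(sample_mounts, 1));
}
```

<p class="MsoNormal">In the constructed table, the autofs entry passes the fsname test because its device field contains neither ':' nor a leading "//", and is excluded only once mnt_type is consulted.</p>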
</div>
</body>
</html>