10 Replies Latest reply on Jan 22, 2020 10:12 AM by Milton Stamper

    Compliance rule - looking for exact string

    Milton Stamper

      For those of you familiar w/most flavors of Linux, you can use 'grep -w <string>' to find the exact string in a file. Is there an equivalent in compliance rules using native objects? For example, I'm looking for the string 'chown' in /etc/audit/audit.rules to ensure that its use is being audited but when I use a compliance rule, the rule also picks up 'chownat' and 'fchownat' for example. The way the native object is structured only allows a search of the Path portion of the native object Configuration File Entry. So my rule is:

       

      exists "Configuration File Entry:/etc/audit/audit.rules//**" where

           @Path@ contains "chown"

       

      This picks up the line that contains 'chown' but also picks up the line that contains 'fchownat' et al.

       

      Thoughts?
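
The difference between substring, whole-word, and exact syscall matching on audit rules, as an added example that is not part of the original post. The sample rules are constructed, the function names are hypothetical, and the parser assumes syscalls are given as separate `-S name[,name...]` arguments.

```shell
#!/bin/sh
# Constructed sample of audit.rules content (not taken from the post).
sample_rules() {
cat <<'EOF'
# chown family auditing (this comment mentions chown but is not a rule)
-a always,exit -F arch=b64 -S fchownat,lchown -F auid>=1000 -k perm_mod
-a always,exit -F arch=b64 -S chown -S fchown -F auid>=1000 -k perm_mod
-w /usr/bin/chown -p x -k chown_binary
EOF
}

# Count lines containing NAME anywhere, like a "contains" test.
substring_hits() { grep -c -- "$2" "$1"; }

# Count lines containing NAME as a whole word, like 'grep -w'.
word_hits() { grep -c -w -- "$2" "$1"; }

# Print only rule lines whose -S list names exactly NAME.
# Skips comments and blank lines, and splits comma-separated syscall lists.
syscall_rules() {
    awk -v want="$2" '
        /^[[:space:]]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i == "-S") {
                    n = split($(i + 1), names, ",")
                    for (j = 1; j <= n; j++)
                        if (names[j] == want) { print; next }
                }
        }' "$1"
}

# Demo run against the constructed sample.
rules=$(mktemp)
sample_rules > "$rules"
echo "substring: $(substring_hits "$rules" chown) lines"   # 4 lines
echo "grep -w:   $(word_hits "$rules" chown) lines"        # 3 lines
echo "exact -S match:"
syscall_rules "$rules" chown                               # 1 line
rm -f "$rules"
```

Whole-word matching drops `fchownat` and `lchown` but still counts the comment and the `-w /usr/bin/chown` watch, so only the `-S` parse confirms the syscall itself is audited.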