3 Replies Latest reply on Dec 10, 2007 8:22 AM by Bill Robinson

    compliance job not finding config file entry

      I have a compliance rule that checks that core dumps are disabled in /etc/security/limits.conf. My rule isn't matching the config file entry even though I think it should. Here is the wildcard path in the compliance rule:

       

      /etc/security/limits.conf//\*-hard-core-0

       

      And here is the line in the config file:

       

      • hard core 0

       

      Anyone have an idea why my rule isn't matching the entry? I'm running BL 7.3 SP1.

       

      Andrew

        • 1. Re: compliance job not finding config file entry
          Bill Robinson

          how did you add the 'wildcard path' ? can you add it via the gui, by browsing servers?

           

          i've seen some odd behaviour w/ * depending where it is in the object.

          • 2. Re: compliance job not finding config file entry

            I added the wildcard path in the gui in the Compliance Rule Editor.

             

            I'm not really clear on the syntax of the wildcard path in the rule editor. It looks like whitespace need to be replaced with dashes, '-' and '' is a wildcard character that needs to be escaped to be treated as a literal. I've also seen a double star, '*', in some rules and I don't know what this is supposed to mean.

            • 3. Re: compliance job not finding config file entry
              Bill Robinson

              from the docs:

               

              Wild Card Explanation

              • Match multiple characters. This pattern does not match a path

              separator character, such as /. Consequently, a path using this

              wild card does not recurse through lower directories.

               

              • Match multiple characters, including path separator characters.

              Using this wild card allows a path to recurse through lower

              directories.

               

              ? Match any single character

               

              Match any single character if it is included in the bracketed

              characters.

               

              so the * should match everything in the config file or extended object at the same level, and the ** should match everything recursively - eg your extended object looks like:

              ext obj//someheading/someentry

               

              i've run into some questions around this matching as well and am trying to get clarification.