2 Replies Latest reply on Aug 3, 2011 9:56 AM by Alan Russell

    Compliance rule to check /etc/filesystems

    Alan Russell

      Trying to craft a rule to parse /etc/filesystems to see if the options line contains nosuid for only nfs mounts. I don't have any problem locating nfs mounted filesystems using "Config File Entry:/etc/filesystems//**/vfs"."Value1 as String (All OS)" = "nfs". I can't seem to get it to then limit locating the options stanza in just the mounts that are nfs type. For example, if I have an NFS mount - /mynfs and that is found how would I limit the next level search? It would be something like "Config File Entry:/etc/filesystems//**/options"."Value2 as String (All OS)" contains "soft".  I think I don't understand when to use the if then else or foreach loop to not start a search of the entire /etc/filesystem but only restrict it to mounts that return true for when vfs=nfs.

       

      Regards          

        • 1. Re: Compliance rule to check /etc/filesystems
          Bill Robinson

          couldn't you do like 'valueX = nfs and valueY contains soft' ?

          or

          if valueX = nfs

          then

          valueY contains soft

           

          • 2. Compliance rule to check /etc/filesystems
            Alan Russell

            Bill, thanks.

            I have used that but it only works if I declare the nfs filesystem and not wildcard it. So something like

            +++++++++++++++++++++++++++++++++++++++++++

            if

            "Configuration File Entry:/etc/filesystems//\/mnt\/MyNFS/options"."Value1 as String (All OS)" = "bg" AND

            "Configuration File Entry:/etc/filesystems//\/mnt\/MyNFS/vfs"."Value1 as String (All OS)" = "nfs"

            then

            "Configuration File Entry:/etc/filesystems//\/mnt\/MyNFS/options"."Value4 as String (All OS)" = "nosuid"

            +++++++++++++++++++++++++++++++++++++++++++

            This will work because none of the current NFS options contain nosuid but the Value1 string does contain bg.

             

            Now since I don't know what the nfs mount is on any one system I tried to wildcard it by using

            +++++++++++++++++++++++++++++++++++++++++++

            if

            "Configuration File Entry:/etc/filesystems//**/options"."Value1 as String (All OS)" = "bg" AND

            "Configuration File Entry:/etc/filesystems//**/vfs"."Value1 as String (All OS)" = "nfs"

            then

            "Configuration File Entry:/etc/filesystems//**/options"."Value4 as String (All OS)" = "nosuid"

            ++++++++++++++++++++++++++++++++++++++++++++

            This rule never fails or gets into the then statement.

             

             

            Partial contents of  /etc/filesystems

             

            /stage:

                    dev             = /dev/lv_stage

                    vfs             = jfs2

                    log             = /dev/hd8

                    mount           = true

                    account         = false

             

            /mnt/MyNFS:

                    dev             = "/vol/images/uniximages/"

                    vfs             = nfs

                    nodename        = mynfsserver

                    mount           = true

                    type            = sys

                    options         = bg,soft,intr

                    account         = false

             

            /syslog:

                    dev             = /dev/lv_syslog

                    vfs             = jfs2

                    log             = INLINE

                    mount           = true

                    options         = noatime,rw

                    account         = false

             

            Regards
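
The check the thread is after, tying each options line to the vfs value of the same stanza, is shown here outside the compliance tool as an added example; it is not part of the original posts and is not the product's rule syntax. The function names and the /mnt/Hardened stanza are assumptions made for illustration.

```shell
# check_nfs_nosuid [FILE]: print the mount point of every vfs=nfs stanza whose
# options line lacks nosuid (hypothetical helper; reads stdin if no FILE).
check_nfs_nosuid() {
    awk '
    function end_stanza() {      # decide once the whole stanza has been read
        if (name != "" && vfs == "nfs" && !nosuid) print name
        name = ""; vfs = ""; nosuid = 0
    }
    /^[ \t]*\*/ { next }                       # "*" starts a comment line
    /^[^ \t*].*:[ \t]*$/ {                     # stanza header, e.g. "/mnt/MyNFS:"
        end_stanza()
        name = $0; sub(/:[ \t]*$/, "", name)
        next
    }
    /=/ {                                      # attribute line: key = value
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t"]/, "", val)
        if (key == "vfs") vfs = val
        if (key == "options") {                # exact token match, not substring
            n = split(val, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "nosuid") nosuid = 1
        }
    }
    END { end_stanza() }
    ' "$@"
}

# Constructed sample: stanzas from the thread plus one compliant NFS mount
# (/mnt/Hardened is made up, with options deliberately placed before vfs).
sample_filesystems() {
    cat <<'EOF'
/stage:
        vfs             = jfs2

/mnt/MyNFS:
        vfs             = nfs
        nodename        = mynfsserver
        options         = bg,soft,intr

/mnt/Hardened:
        options         = bg,soft,intr,nosuid
        vfs             = nfs

/syslog:
        vfs             = jfs2
        options         = noatime,rw
EOF
}
sample_filesystems | check_nfs_nosuid    # prints /mnt/MyNFS
```

Because the decision is made at the end of each stanza, the order of the vfs and options lines does not matter, and an NFS stanza with no options line at all is reported as well.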