Hello Gautam,

----- Original Message -----

From: gautams@hpe.com To: scap-security-guide@lists.fedorahosted.org Sent: Thursday, January 7, 2016 4:58:42 PM Subject: Linux environment variables and OVAL filepath.

Hello folks,

I am trying to write an OVAL check to ensure that an application configuration file say $APP_HOME/a.conf is owned by the correct user_id and group_id.

From what I have briefly checked the currently implemented OVAL checks are comparing some config file filepath against fixed user / group id, e.g.: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/file...

You might need to modify that OVAL to use some some environmental variable like e.g. in: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/acco...

and combine the <file_object> with the <environment_variable> object e.g. like in: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/acco...

I understand that the OVAL interpreter does not resolve enviroment variables if they are directly used in the filepath element.

Is there some way I can accomplish this using the OVAL environmentvariable58_object? I am trying to create a local_variable using the "value" of the object concatenated with the file name. I don't seem to be getting right. Is there a simpler way of performing this task? I would assume this is not a very uncommon use case.

If you provide a snippet of code you already have && it's failing, I can have a further look / comment further.

Thanks in advance.

Hope this helps.

Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team

Regards, Gautam. -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/scap-security-guide@lists.fedorah... https://github.com/OpenSCAP/scap-security-guide/