Hello folks,
I am trying to write an OVAL check to ensure that an application configuration file say $APP_HOME/a.conf is owned by the correct user_id and group_id. I understand that the OVAL interpreter does not resolve environment variables if they are directly used in the filepath element.
Is there some way I can accomplish this using the OVAL environmentvariable58_object? I am trying to create a local_variable using the "value" of the object concatenated with the file name. I don't seem to be getting it right. Is there a simpler way of performing this task? I would assume this is not a very uncommon use case.
Thanks in advance.
Regards, Gautam.
Hello Gautam,
----- Original Message -----
From: gautams@hpe.com
To: scap-security-guide@lists.fedorahosted.org
Sent: Thursday, January 7, 2016 4:58:42 PM
Subject: Linux environment variables and OVAL filepath.
Hello folks,
I am trying to write an OVAL check to ensure that an application configuration file say $APP_HOME/a.conf is owned by the correct user_id and group_id.
From what I have briefly checked the currently implemented OVAL checks are comparing some config file filepath against fixed user / group id, e.g.: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/file...
You might need to modify that OVAL to use some environmental variable like e.g. in: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/acco...
and combine the <file_object> with the <environment_variable> object e.g. like in: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/acco...
I understand that the OVAL interpreter does not resolve environment variables if they are directly used in the filepath element.
Is there some way I can accomplish this using the OVAL environmentvariable58_object? I am trying to create a local_variable using the "value" of the object concatenated with the file name. I don't seem to be getting it right. Is there a simpler way of performing this task? I would assume this is not a very uncommon use case.
If you provide a snippet of code you already have && it's failing, I can have a further look / comment further.
Thanks in advance.
Hope this helps.
Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
Regards, Gautam. -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/scap-security-guide@lists.fedorah... https://github.com/OpenSCAP/scap-security-guide/
Hello Jan,
Thank you for taking a look at this. My problem was that I was not able to figure out how to use the "value" field of the environmentvariable58_object in a local variable. I have corrected this referring to the "accounts_root_path_dirs_no_write" example you shared. Now it is working as I expect.
Thanks a lot!
Regards, Gautam.
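
The approach discussed in this thread, as an added example (not code posted by either participant and not taken from the scap-security-guide repository): an environmentvariable58_object reads APP_HOME, a local_variable concatenates its "value" field with the file name, and the file_object's filepath references that variable. The `oval:example.app:*` ids, the timestamp and the uid/gid 1001 are constructed placeholders.

```xml
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
    xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <generator>
    <oval:schema_version>5.10</oval:schema_version>
    <oval:timestamp>2016-01-07T00:00:00</oval:timestamp>
  </generator>
  <definitions>
    <definition class="compliance" id="oval:example.app:def:1" version="1">
      <metadata><title>$APP_HOME/a.conf has the expected owner and group</title>
        <description>Constructed example: ownership of a path built from APP_HOME.</description></metadata>
      <criteria><criterion test_ref="oval:example.app:tst:1"/></criteria>
    </definition>
  </definitions>
  <tests>
    <unix:file_test id="oval:example.app:tst:1" version="1" check="all"
        check_existence="all_exist" comment="a.conf exists with expected uid/gid">
      <unix:object object_ref="oval:example.app:obj:2"/>
      <unix:state state_ref="oval:example.app:ste:1"/>
    </unix:file_test>
  </tests>
  <objects>
    <!-- pid xsi:nil="true": read APP_HOME from the scanner's own environment -->
    <ind:environmentvariable58_object id="oval:example.app:obj:1" version="1">
      <ind:pid xsi:nil="true" datatype="int"/>
      <ind:name>APP_HOME</ind:name>
    </ind:environmentvariable58_object>
    <unix:file_object id="oval:example.app:obj:2" version="1">
      <unix:filepath var_ref="oval:example.app:var:1"/>
    </unix:file_object>
  </objects>
  <states>
    <unix:file_state id="oval:example.app:ste:1" version="1">
      <!-- placeholder ids: replace with the application's real gid and uid -->
      <unix:group_id datatype="int">1001</unix:group_id>
      <unix:user_id datatype="int">1001</unix:user_id>
    </unix:file_state>
  </states>
  <variables>
    <!-- item_field="value" takes the variable's value; concat appends the file
         name; the file_object above consumes the result through var_ref -->
    <local_variable id="oval:example.app:var:1" version="1" datatype="string" comment="APP_HOME/a.conf">
      <concat>
        <object_component object_ref="oval:example.app:obj:1" item_field="value"/>
        <literal_component>/a.conf</literal_component>
      </concat>
    </local_variable>
  </variables>
</oval_definitions>
```

Because pid is nil, APP_HOME is read from the environment of the process running the scan, so it has to be exported there before the definition is evaluated (for example with `oscap oval eval`).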