Module to handle arbitrary commands and miscellaneous checks

Question

Module to handle arbitrary commands and miscellaneous checks

Closed this issue 8 years ago · 6 comments

would like to be able to look for specific strings/results from the output of a command. For instance item 1.3.2 for RHEL/CentOS (crontab -u root -l | grep aide) or 1.2.2 for RHEL/CentOS (rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey).

Answer 1 · 2016-04-24T20:24:57.000Z

We're planning some discussion on how to best handle arbitrary command checks. This is coming, we just want to do it right. Hopefully not too much longer.

Answer 2 · 2016-04-24T20:37:28.000Z

sounds good - i'm working on adding RHEL 6 to the CIS.yaml file now. Then will start building profiles for the various DISA STIG for RHEL 6. When I find other features/enhancements, would you want me to just create an issue like i did for this one?

Answer 3 · 2016-04-24T22:49:47.000Z

Yes please. Any feedback, feature requests or bugs you might have please file them here. We're very interested in community feedback.

Answer 4 · 2016-05-09T20:02:45.000Z

I'm going to work on spec'ing out a module and yaml syntax for this.

Answer 5 · 2016-05-10T12:29:31.000Z

as you are thinking of the logic for this, if you have a match_output section, sometimes inspections are looking for specific output or patterns; othertimes they are looking to make sure that certain output is NOT present.

Answer 6 · 2016-05-10T15:30:39.000Z

Right. I expect it will have an arg for flipping between matches being treated as success, or matches being treated as failures.