ComplianceAsCode
Pattern matching not working correctly for command line
Hello, i think the pattern matching should be simply "mfetpd"
https://github.com/ComplianceAsCode/content/blob/e6ea793613ea472813ffe59d20e4c23f323da6cc/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/oval/shared.xml#L13 It did not worked with "^mfetpd.*$" personnally.
As you can see i have correct output when running the commands recommanded by the STIG https://www.stigviewer.com/stig/red_hat_enterprise_linux_9/2023-12-01/finding/V-257780
[root]# sudo rpm -qa | grep -i mcafeetp
McAfeeTP-10.7.17-66.x86_64
[root]# sudo ps -ef | grep -i mfetpd
root 2063 1 0 16:04 ? 00:00:17 /opt/McAfee/ens/tp/bin/mfetpd
root 2215 2063 0 16:04 ? 00:00:00 /opt/McAfee/ens/tp/bin/mfetpd
root 2222 2215 0 16:04 ? 00:00:00 /opt/McAfee/ens/tp/bin/mfetpd
root 2234 2215 0 16:04 ? 00:00:02 /opt/McAfee/ens/tp/bin/mfetpd
root 9767 6363 0 16:37 pts/1 00:00:00 grep --color=auto -i mfetpd
There might be either an issue with the pattern used or the <unix:command_line operation="pattern match"> instruction
Hello, i think the pattern matching should be simply "mfetpd"
https://github.com/ComplianceAsCode/content/blob/e6ea793613ea472813ffe59d20e4c23f323da6cc/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/oval/shared.xml#L13
It did not worked with "^mfetpd.*$" personnally.
It's probably because of the "^" which implies that "^ asserts position at start of a line" so it needs to actually start with
mfetpd
and here it looks like it's trying to match with the prefix of the location: "/opt/McAfee/ens/tp/bin/mfetpd" and this will probably not work,
maybe something like
.*\/mfetpd.*$ could work
