ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Pattern matching not working correctly for command line #12263

Open Hephaisto-dev opened 3 months ago

Hephaisto-dev commented 3 months ago

Hello, I think the pattern matching should be simply "mfetpd"

https://github.com/ComplianceAsCode/content/blob/e6ea793613ea472813ffe59d20e4c23f323da6cc/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/oval/shared.xml#L13

It did not work with "^mfetpd.*$" personally.

As you can see, I have correct output when running the commands recommended by the STIG https://www.stigviewer.com/stig/red_hat_enterprise_linux_9/2023-12-01/finding/V-257780

[root]# sudo rpm -qa | grep -i mcafeetp
McAfeeTP-10.7.17-66.x86_64
[root]# sudo ps -ef | grep -i mfetpd
root        2063       1  0 16:04 ?        00:00:17 /opt/McAfee/ens/tp/bin/mfetpd
root        2215    2063  0 16:04 ?        00:00:00 /opt/McAfee/ens/tp/bin/mfetpd
root        2222    2215  0 16:04 ?        00:00:00 /opt/McAfee/ens/tp/bin/mfetpd
root        2234    2215  0 16:04 ?        00:00:02 /opt/McAfee/ens/tp/bin/mfetpd
root        9767    6363  0 16:37 pts/1    00:00:00 grep --color=auto -i mfetpd

There might be an issue with either the pattern used or the instruction.

ggbecker commented 1 month ago

Hello, I think the pattern matching should be simply "mfetpd"

https://github.com/ComplianceAsCode/content/blob/e6ea793613ea472813ffe59d20e4c23f323da6cc/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/oval/shared.xml#L13

It did not work with "^mfetpd.*$" personally.

It's probably because of the "^", which implies that "^ asserts position at start of a line", so it needs to actually start with "mfetpd", and here it looks like it's trying to match with the prefix of the location: "/opt/McAfee/ens/tp/bin/mfetpd", and this will probably not work.

Maybe something like ".*\/mfetpd.*$" could work.

Hephaisto-dev commented 1 month ago

Yes you are correct
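
The three patterns discussed in this thread, compared against the command lines shown in the `ps -ef` output above. This is an added example, not code from the ComplianceAsCode project; it assumes the check applies the regex to the full command-line string, uses Python's `re.search` as a stand-in for OVAL pattern matching, and the function names and the `sshd` sample are hypothetical.

```python
import re

# Command-line strings copied from the `ps -ef` output in the issue.
AGENT_CMDLINE = "/opt/McAfee/ens/tp/bin/mfetpd"
GREP_CMDLINE = "grep --color=auto -i mfetpd"
# Constructed sample: an unrelated process used as a negative control.
OTHER_CMDLINE = "/usr/sbin/sshd -D"

# Patterns named in the thread.
PATTERNS = {
    "current": r"^mfetpd.*$",       # pattern reported as not working
    "bare": r"mfetpd",              # reporter's proposal
    "suggested": r".*\/mfetpd.*$",  # maintainer's proposal
}


def evaluate(pattern, cmdlines):
    """Return the command lines the pattern matches.

    re.search is an unanchored search (assumption: this mirrors the
    scanner's behaviour), so only anchors written in the pattern itself
    restrict where the match may start.
    """
    rx = re.compile(pattern)
    return [c for c in cmdlines if rx.search(c)]


def report(cmdlines):
    """Map each pattern name to the list of command lines it matches."""
    return {name: evaluate(p, cmdlines) for name, p in PATTERNS.items()}


if __name__ == "__main__":
    samples = [AGENT_CMDLINE, GREP_CMDLINE, OTHER_CMDLINE]
    for name, hits in report(samples).items():
        print(f"{name:10} {PATTERNS[name]:16} -> {hits}")
```

The anchored pattern matches nothing because the command line begins with the install path, while the bare pattern also matches the `grep` process, so it can report the agent as running when only some other command mentions the string.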