I would like to match an audit result where the 1st nameserver is A, the 2nd nameserver is B and the 3rd nameserver is C, taking into consideration that some systems will be missing the domain or search line.
This is what I got if the domain and search lines were the first 2 lines and the 1st nameserver is the 3rd line of the file.
if (not exists file "/etc/resolv.conf") then "/etc/resolv.conf File Missing" else if ((line 3 of file "/etc/resolv.conf" = "nameserver 10.10.1.24") and (next line of line 3 of file "/etc/resolv.conf" = "nameserver 123.1.45.100") and (next line of next line of line 3 of file "/etc/resolv.conf" = "nameserver 123.1.45.101")) then "PASS" else "FAILED"
That seems like it would work, but if your line spacing is wrong, you would have an issue… here are some ideas:
Iterate through the lines of the file, pull out the lines with "nameserver " and then make sure they match the IP addresses:
(it contains "10.10.1.24" AND it contains "123.1.45.100" AND it contains "123.1.45.101") of concatenation ":" of (following text of first "nameserver " of it) of (lines of file "/etc/resolv.conf") whose (it as lowercase contains "nameserver")
Or do the same thing as above, but enforce the order:
(it = "10.10.1.24:123.1.45.100:123.1.45.101") of concatenation ":" of (following text of first "nameserver " of it) of (lines of file "/etc/resolv.conf") whose (it as lowercase contains "nameserver")
Note that in all cases, we are assuming there is only a space after “nameserver”.
Nice work Mee Wee. Ben beat me to an answer but I’ll post my version anyway.
if
    not exists file "c:\etc\resolv.conf"
then
    "Missing File"
else
    if
        number of unique values of parenthesized parts 1
            whose
            (
                it = "10.10.1.24"
                or
                it = "123.1.45.100"
                or
                it = "123.1.45.101"
            )
        of first matches
            (
                case insensitive regex "\s*nameserver\s+((\d{1,3}\.){3}\d{1,3})\s*$"
            )
        of lines of file "c:\etc\resolv.conf" = 3
    then
        "PASS"
    else
        "FAIL"
In order to pass, the file must meet the following criteria:
All 3 required IP addresses must appear on a validly formatted line
A validly formatted line contains the text “nameserver” and an IP address which are separated by at least one whitespace character
A validly formatted line may have leading or trailing whitespace
“nameserver” is case insensitive
Other nameserver lines are also allowed.
You may need to re-write it with a boost compatible regex. Search the forum for a few recent examples.
Thanks for both inputs. Somehow, I think Jesse has provided me the Windows version, which works on Boolean Posix (correct me if I am wrong), and I got negative results.
Ben’s script works, but I tested that if I have a remark or comment of nameserver, I still get a “PASS”, as it matches only the content but not the starter as nameserver.
So… a challenge! How do we do that?
As
(lines of file "/etc/resolv.conf") whose (it as lowercase contains "nameserver") will output
A: nameserver 10.10.1.24
A: nameserver 123.1.45.100
A: #nameserver 123.1.45.101
T: 7995556
How do we exclude #nameserver so that it is not taken into consideration?
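
An added example, not part of the thread and written in Python rather than relevance: an ordered nameserver audit that skips commented-out entries such as the `#nameserver` line above. It assumes the resolv.conf(5) rules that a `#` or `;` in the first column marks a comment and that the keyword must start the line; the function names and sample file contents are constructed for illustration.

```python
import ipaddress

# Expected order taken from the thread; the sample files below are constructed.
EXPECTED = ["10.10.1.24", "123.1.45.100", "123.1.45.101"]

GOOD = ("domain example.test\nsearch example.test\n"
        "nameserver 10.10.1.24\nnameserver 123.1.45.100\nnameserver 123.1.45.101\n")
COMMENTED = "nameserver 10.10.1.24\nnameserver 123.1.45.100\n#nameserver 123.1.45.101\n"
NO_SEARCH = ("nameserver\t10.10.1.24\n\nnameserver 123.1.45.100\n"
             "; old: nameserver 10.0.0.1\nnameserver 123.1.45.101\n")
WRONG_ORDER = "nameserver 123.1.45.100\nnameserver 10.10.1.24\nnameserver 123.1.45.101\n"


def active_nameservers(text):
    """Return the active nameserver addresses in file order."""
    servers = []
    for line in text.splitlines():
        # '#' or ';' in the first column turns the whole line into a comment.
        if line.startswith(("#", ";")):
            continue
        fields = line.split()  # splits on any run of spaces or tabs
        # Keyword must start the line and be followed by a value.
        if len(fields) < 2 or fields[0] != "nameserver" or line[0].isspace():
            continue
        try:
            servers.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            continue  # not a valid IP address, so not a usable entry
    return servers


def audit(text, expected=EXPECTED):
    """text is the file content, or None when the file does not exist."""
    if text is None:
        return "/etc/resolv.conf File Missing"
    # Exactly the expected servers, in the expected order, wherever they start.
    return "PASS" if active_nameservers(text) == expected else "FAILED"


if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("commented", COMMENTED),
                         ("no search line", NO_SEARCH), ("wrong order", WRONG_ORDER),
                         ("missing", None)]:
        print(f"{name}: {audit(sample)}")
```

Because the check keys on position in the list of active entries rather than on line numbers, it gives the same result whether or not the domain and search lines are present.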