From b499a69140f928133b68777c3822d8cf5e49728a Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Tue, 28 May 2024 09:58:22 +0200 Subject: [PATCH 1/4] Fix regex in file_ownership_audit_configuration This regex was not matching the files as expected. After some minor changes with escapes, it is working. --- .../file_ownership_audit_configuration/rule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml index 9ffff5cb01a..ed0c2a8a87b 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml @@ -41,6 +41,6 @@ template: - /etc/audit/ - /etc/audit/rules.d/ file_regex: - - ^audit(\.rules|d\.conf)$ + - ^.*/audit\(\.rules\|d\.conf\)$ - ^.*\.rules$ fileuid: '0' From b9432e020998626101c2cf33a50fa288b28a134a Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Tue, 28 May 2024 23:15:22 +0200 Subject: [PATCH 2/4] Specify regextype for find command Using escaping resolved the issue with find but created an issue with OVAL. Therefore, the escaping was removed to preserve the OVAL behavior and the file_onwer template was updated to specify a more robust regex type for find command. --- .../file_ownership_audit_configuration/rule.yml | 2 +- shared/templates/file_owner/ansible.template | 2 +- shared/templates/file_owner/bash.template | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml index ed0c2a8a87b..800eb574e65 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml 
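Review bot: The escaped form `^.*/audit\(\.rules\|d\.conf\)$` is the emacs-style dialect that `find -regex` uses by default, and the same `file_regex` value is also consumed by the OVAL check, where (per the message of patch 2/4) those escapes change meaning; patch 2/4 reverts this exact line. As the series stands, the commit at patch 1/4 leaves the OVAL check for this rule broken, which hurts bisecting. Squashing patch 1/4 into patch 2/4 would avoid the intermediate state without changing the end result.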
+++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml @@ -41,6 +41,6 @@ template: - /etc/audit/ - /etc/audit/rules.d/ file_regex: - - ^.*/audit\(\.rules\|d\.conf\)$ + - ^.*audit(\.rules|d\.conf)$ - ^.*\.rules$ fileuid: '0' diff --git a/shared/templates/file_owner/ansible.template b/shared/templates/file_owner/ansible.template index 486c024cdd3..ce8a13e2eb5 100644 --- a/shared/templates/file_owner/ansible.template +++ b/shared/templates/file_owner/ansible.template @@ -15,7 +15,7 @@ {{%- endif %}} - name: Find {{{ path }}} file(s) matching {{{ FILE_REGEX[loop.index0] }}}{{% if RECURSIVE %}} recursively{{% endif %}} - command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -uid {{{ FILEUID }}} -regex "{{{ FILE_REGEX[loop.index0] }}}"' + command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -uid {{{ FILEUID }}} -regextype posix-extended -regex "{{{ FILE_REGEX[loop.index0] }}}"' register: files_found changed_when: False failed_when: False diff --git a/shared/templates/file_owner/bash.template b/shared/templates/file_owner/bash.template index 0b39066555b..c10a7f58997 100644 --- a/shared/templates/file_owner/bash.template +++ b/shared/templates/file_owner/bash.template @@ -14,7 +14,7 @@ {{%- if IS_DIRECTORY %}} {{%- if FILE_REGEX %}} -find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -uid {{{ FILEUID }}} -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chown {{{ FILEUID }}} {} \; +find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -uid {{{ FILEUID }}} -regextype posix-extended -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chown {{{ FILEUID }}} {} \; {{%- else %}} find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type d -exec chown {{{ FILEUID }}} {} \; {{%- endif %}} From fe7a5ea0330d04bf73e362e18d4945dcbdb68483 Mon Sep 17 00:00:00 2001 
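Review bot: The previous pattern `^audit(\.rules|d\.conf)$` could not match under `find -regex`, which matches the whole path, so the bash and Ansible remediations for this rule were silently a no-op for `/etc/audit/auditd.conf` — a fail-open that the existing tests apparently did not catch. A test scenario that seeds a wrongly owned `/etc/audit/auditd.conf` and asserts the remediation changes it would guard against a regression. Because the same value presumably feeds the OVAL check as well (the message says the `/` anchor from patch 1/4 had to go for that reason), a comment next to `file_regex` such as `# consumed by both OVAL and find -regextype posix-extended; keep patterns valid in both dialects` would record the constraint for the next editor. The leading `^` before `.*` is redundant but harmless.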
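Review bot: `-regextype posix-extended` exists only in GNU findutils, so this command line now hard-depends on GNU find; the same applies to the bash template in this patch and to the file_groupowner and file_permissions templates in patch 4/4. That is presumably acceptable for the products this content targets, but it is a new portability assumption that the template is not documenting. A short comment at the top of the template (outside this hunk), stating that `file_regex` is interpreted as POSIX ERE by GNU find and must stay parseable by the OVAL side too, would make the contract explicit. The `-regextype` option is correctly placed before `-regex`, which is required for it to take effect.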
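Review bot: The regex branch runs `find {{{ path }}}` without `-H`, while the `-type d` branch two lines below and the Ansible template in this same patch use `find -H`; if a configured `path` is itself a symlink, the bash remediation will skip it and the Ansible one will follow it, so the two remediations diverge. This is pre-existing rather than introduced here, but the line is being rewritten anyway, and file_groupowner's bash template in patch 4/4 has the identical inconsistency. Changing the start of the line to `find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ...` would align it with its siblings.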
From: Marcus Burghardt Date: Thu, 30 May 2024 16:19:11 +0200 Subject: [PATCH 3/4] Fix regex also for groupownership and permissions --- .../file_groupownership_audit_configuration/rule.yml | 2 +- .../file_permissions_audit_configuration/rule.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml index a8b92a06e0e..0303cc1beca 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml @@ -40,6 +40,6 @@ template: - /etc/audit/ - /etc/audit/rules.d/ file_regex: - - ^audit(\.rules|d\.conf)$ + - ^.*audit(\.rules|d\.conf)$ - ^.*\.rules$ gid_or_name: '0' diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml index 398f582250b..5ddbc0f98d1 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml @@ -34,7 +34,7 @@ template: - /etc/audit/ - /etc/audit/rules.d/ file_regex: - - .*audit\(\.rules\|d\.conf\)$ - - .*\.rules$ + - ^.*audit(\.rules|d\.conf)$ + - ^.*\.rules$ allow_stricter_permissions: "true" filemode: '0640' From 8797ca8a0a0a8f3068bd58526ddb247b75eee17f Mon Sep 17 00:00:00 2001 
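Review bot: The pattern pair `^.*audit(\.rules|d\.conf)$` / `^.*\.rules$` is now copied verbatim into three rules (file_ownership, file_groupownership and, in this hunk, file_permissions), and the drift between those copies — file_permissions had the unanchored escaped form — is exactly what this series had to repair. Note also that the second pattern already covers `audit.rules`, so the first one effectively only adds `auditd.conf`; a comment such as `# auditd.conf plus every *.rules file; the second pattern intentionally overlaps the first` would stop a future editor from "simplifying" the overlap in one rule and not the others.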
From: Marcus Burghardt Date: Thu, 30 May 2024 16:38:03 +0200 Subject: [PATCH 4/4] Aling find regextype in file templates Align the templates file_groupowner and file_permissions with the changes in file_owner. --- shared/templates/file_groupowner/ansible.template | 2 +- shared/templates/file_groupowner/bash.template | 2 +- shared/templates/file_permissions/ansible.template | 2 +- shared/templates/file_permissions/bash.template | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/shared/templates/file_groupowner/ansible.template b/shared/templates/file_groupowner/ansible.template index 3906c747a7a..832dc5c3f63 100644 --- a/shared/templates/file_groupowner/ansible.template +++ b/shared/templates/file_groupowner/ansible.template @@ -15,7 +15,7 @@ {{%- endif %}} - name: Find {{{ path }}} file(s) matching {{{ FILE_REGEX[loop.index0] }}}{{% if RECURSIVE %}} recursively{{% endif %}} - command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -group {{{ GID_OR_NAME }}} -regex "{{{ FILE_REGEX[loop.index0] }}}"' + command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -group {{{ GID_OR_NAME }}} -regextype posix-extended -regex "{{{ FILE_REGEX[loop.index0] }}}"' register: files_found changed_when: False failed_when: False diff --git a/shared/templates/file_groupowner/bash.template b/shared/templates/file_groupowner/bash.template index 4ca2984f27c..cd7cc8d72f1 100644 --- a/shared/templates/file_groupowner/bash.template +++ b/shared/templates/file_groupowner/bash.template 
@@ -14,7 +14,7 @@ {{%- if IS_DIRECTORY %}} {{%- if FILE_REGEX %}} -find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -group {{{ GID_OR_NAME }}} -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chgrp {{{ GID_OR_NAME }}} {} \; +find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -group {{{ GID_OR_NAME }}} -regextype posix-extended -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chgrp {{{ GID_OR_NAME }}} {} \; {{%- else %}} find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type d -exec chgrp {{{ GID_OR_NAME }}} {} \; {{%- endif %}} diff --git a/shared/templates/file_permissions/ansible.template b/shared/templates/file_permissions/ansible.template index 20ff28ade20..c856fbb4b6e 100644 --- a/shared/templates/file_permissions/ansible.template +++ b/shared/templates/file_permissions/ansible.template @@ -10,7 +10,7 @@ {{%- if FILE_REGEX %}} {{% set STATE="file" %}} {{% set FIND_TYPE="-type f" %}} -{{% set FIND_FILE_REGEX="-regex \"" ~ FILE_REGEX[loop.index0] ~ "\"" %}} +{{% set FIND_FILE_REGEX="-regextype posix-extended -regex \"" ~ FILE_REGEX[loop.index0] ~ "\"" %}} {{%- else %}} {{% set STATE="directory" %}} {{% set FIND_TYPE="-type d" %}} diff --git a/shared/templates/file_permissions/bash.template b/shared/templates/file_permissions/bash.template index 1c27736edf8..946c8545236 100644 --- a/shared/templates/file_permissions/bash.template +++ b/shared/templates/file_permissions/bash.template 
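Review bot: `FIND_FILE_REGEX` now bundles `-regextype posix-extended` together with `-regex`, and that coupling is load-bearing because `-regextype` only affects the `-regex` tests that follow it on the command line; wherever the variable is expanded (outside this hunk) the ordering is therefore preserved only as long as nobody splits the variable. A template comment above the `set`, e.g. `{{# -regextype must precede -regex; keep both in this variable #}}`, would document that, and it applies equally to the bash template of file_permissions in this patch.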
@@ -25,7 +25,7 @@ {{% for path in FILEPATH %}} {{%- if IS_DIRECTORY %}} {{%- if FILE_REGEX %}} -find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} {{{ EXCLUDED_FILES_ARGS }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chmod {{{ FILEMODE }}} {} \; +find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} {{{ EXCLUDED_FILES_ARGS }}} -type f -regextype posix-extended -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chmod {{{ FILEMODE }}} {} \; {{%- else %}} find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} -type d -exec chmod {{{ FILEMODE }}} {} \; {{%- endif %}}
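Review bot: `-regextype posix-extended` is inserted after `{{{ PERMS }}} {{{ EXCLUDED_FILES_ARGS }}}`, but as a positional option it only governs `-regex` tests that come after it; if `EXCLUDED_FILES_ARGS` (expanded outside this hunk) ever contains its own `-regex`/`! -regex` test, that test would still be evaluated in find's default emacs dialect, giving two regex dialects in one command. Moving `-regextype posix-extended` to directly after `{{{ FIND_RECURSE_ARGS }}}` would make the dialect uniform for the whole expression at no cost; if `EXCLUDED_FILES_ARGS` never carries a regex this is purely defensive.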