
I'm writing a python script which will mark output for a Windows CIS benchmark. In order to do this I am matching values in group policy settings with a regex to see if they meet the criteria for the benchmark.

For certain aspects of the benchmark it is necessary for a list of users to be present in the setting, but it must be exclusive and the order in which they are specified does not have to be consistent.

As an example, 'Adjust memory quotas for a process' should be Administrators,LOCAL SERVICE,NETWORK SERVICE, however it could also be presented as LOCAL SERVICE,NETWORK SERVICE, Administrators, but it cannot be Administrators,LOCAL SERVICE,NETWORK SERVICE,phil.

I'm looking for a regex which can match these required values in any order similar to this, but to only match if there is no other value present.

Thanks, Phil

Edit: This is not the same as "Regex to match string containing two names in any order" and "Multiple words in any order using regex", as these don't match the words exclusively. I'm looking to match just the required names but in any order.

Second Edit: The script loads a set of rules from a csv file which contains the benchmark item number, the description, the required value and a regex to match against the group policy settings. The idea behind that was that we will be able to create a csv with rules for any of the benchmarks and the script needs no prior knowledge of whether the settings should be numerical, lists of usernames, boolean values etc.

Rules are loaded from the csv into a list (benchmark in the below example) and policy settings are loaded from a tsv into a second list (policy). This allows me to keep the checking of values as agnostic as possible in terms of which benchmark is being used.

```python
for row in benchmark:
    if re.match(row[4],policy[row[2]]):
        continue
    print('"{}","{}","{}","{}"'.format(row[0],row[1],policy[row[2]],row[3]))
```

An example of a row in the benchmark csv:

```
"2.2.5","Ensure 'Adjust memory quotas for a process' is set to 'Administrators,LOCAL SERVICE,NETWORK SERVICE'","Adjust memory quotas for a process","Administrators, LOCAL SERVICE, NETWORK SERVICE","<insert regex here>"
```

The final output is written to a csv file (or printed in csv format here) if the benchmark requirement isn't met, with the format of item number, item description, current value, required value.

DevilToad
  • Possible duplicate of [Regex to match string containing two names in any order](http://stackoverflow.com/questions/4389644/regex-to-match-string-containing-two-names-in-any-order) – levant pied Apr 11 '17 at 13:12
  • @levantpied Whilst that does match in any order, it won't match exclusively, so if there is a username in the list which shouldn't be there but all the required usernames are present it will still match. – DevilToad Apr 11 '17 at 13:26
  • Is there a specific reason to use a regex for this? Seems as though you want to split the sequence of usernames and check if there are any that don't match your list. – asongtoruin Apr 11 '17 at 13:39
  • @asongtoruin please see the second edit, it was too long for a comment :) – DevilToad Apr 11 '17 at 13:55

1 Answer


How about

```
^[(Administrators)(LOCAL SERVICE)(NETWORK SERVICE),\s]+$
```

or

```
^(Administrators|LOCAL SERVICE|NETWORK SERVICE|[,\s])+$
```

See it working at https://regex101.com/r/oJF0aW/2/tests

Both versions basically say that the whole string must contain only the specified user names as well as commas and whitespace.

nozzleman
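An added example, not part of the original question or answer: both patterns in the answer restrict which names may appear, but they still accept a list in which a required name is missing or repeated. The sketch below builds a pattern for the CSV's regex column (used with `re.match`, as in the question) that requires every name exactly once in any order. The helper names `exact_set_regex` and `meets` and the sample values are constructed for illustration.

```python
import re

# Second pattern from the answer above, copied unchanged for comparison.
ANSWER_PATTERN = r"^(Administrators|LOCAL SERVICE|NETWORK SERVICE|[,\s])+$"

def exact_set_regex(required):
    """Pattern for a comma-separated list holding every name in `required`
    exactly once, in any order, and nothing else (hypothetical helper)."""
    names = [re.escape(n.strip()) for n in required]
    if not names:
        raise ValueError("at least one required name is needed")
    alt = "|".join(names)
    # One lookahead per name: it must occur as a whole list item.
    present = "".join(rf"(?=(?:.*,)?\s*{n}\s*(?:,|\Z))" for n in names)
    # Exactly len(names) items, all from the allowed set. Together with the
    # lookaheads this rules out duplicates: n items covering n distinct names.
    body = rf"\s*(?:{alt})\s*(?:,\s*(?:{alt})\s*){{{len(names) - 1}}}"
    return rf"^{present}{body}\Z"

def meets(pattern, value):
    """Same test the question's loop applies: re.match against the setting."""
    return re.match(pattern, value) is not None

REQUIRED = ["Administrators", "LOCAL SERVICE", "NETWORK SERVICE"]
EXACT_PATTERN = exact_set_regex(REQUIRED)

# Constructed policy values, not taken from a real group policy export.
SAMPLES = [
    "Administrators,LOCAL SERVICE,NETWORK SERVICE",
    "LOCAL SERVICE,NETWORK SERVICE, Administrators",
    "Administrators,LOCAL SERVICE,NETWORK SERVICE,phil",
    "Administrators",
    "Administrators,Administrators,LOCAL SERVICE",
]

if __name__ == "__main__":
    print(EXACT_PATTERN)
    for value in SAMPLES:
        print(f"{value!r}: answer={meets(ANSWER_PATTERN, value)} "
              f"exact={meets(EXACT_PATTERN, value)}")
```

The generated pattern grows with the number of names, so it is practical for the short account lists in user-rights settings; account name case is matched exactly here.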