As per discussion with trhodes, update Nagios example with the

less verbose example suggested in PR148984. Sponsored by: iXsystems
svn path=/head/; revision=44397
2014-03-31 15:03:21 +00:00 · 2014-03-31 15:03:21 +00:00 · 38bc8da495 · 2020-12-08 03:00:23 +00:00
commit 38bc8da495
parent 3b7ece0cf2
1 changed files with 9 additions and 18 deletions
--- a/en_US.ISO8859-1/books/handbook/mac/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/mac/chapter.xml
@ -1463,37 +1463,28 @@ mac_seeotheruids_load="YES"</programlisting>
 	<programlisting># This is the default BIBA policy for this system.

 # System:
-/var/run                        biba/equal
-/var/run/*                      biba/equal
+/var/run(/.*)?			biba/equal

-/dev                            biba/equal
-/dev/*                          biba/equal
+/dev/(/.*)?			biba/equal

 /var				biba/equal
-/var/spool                      biba/equal
-/var/spool/*                    biba/equal
+/var/spool(/.*)?		biba/equal

-/var/log                        biba/equal
-/var/log/*                      biba/equal
+/var/log(/.*)?			biba/equal

-/tmp				biba/equal
-/tmp/*				biba/equal
-/var/tmp			biba/equal
-/var/tmp/*			biba/equal
+/tmp(/.*)?			biba/equal
+/var/tmp(/.*)?			biba/equal

 /var/spool/mqueue		biba/equal
 /var/spool/clientmqueue		biba/equal

 # For Nagios:
-/usr/local/etc/nagios
-/usr/local/etc/nagios/*         biba/10
+/usr/local/etc/nagios(/.*)?	biba/10

-/var/spool/nagios               biba/10
-/var/spool/nagios/*             biba/10
+/var/spool/nagios(/.*)?		biba/10

 # For apache
-/usr/local/etc/apache           biba/10
-/usr/local/etc/apache/*         biba/10</programlisting>
+/usr/local/etc/apache(/.*)?	biba/10</programlisting>

      <para>This policy enforces security by setting restrictions
 	on the flow of information.  In this specific configuration,