SCA Regex: Ensure ntp is configured

[nmartinez-nimeops]

Hi,
seems that the regex is not good for 3026 Ensure ntp is configured

- 'f:/etc/ntp.conf -> r:^restrict\s+-4\s+default|^restrict\s+default && r:\s+kod\s+ && r:\s+nomodify\s+ && r:\s+notrap\s+ && r:\s+nopeer\s+ && r:\s+noquery\s+'

- 'f:/etc/ntp.conf -> r:^restrict\s+-6\s+default && r:\s+kod\s+ && r:\s+nomodify\s+ && r:\s+notrap\s+ && r:\s+nopeer\s+ && r:\s+noquery\s+'

The last \s+ not needed for results:

restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

-> No space after noquery

A good one:

- 'f:/etc/ntp.conf -> r:^restrict\s+-4\s+default|^restrict\s+default && r:\s+kod\s+ && r:\s+nomodify\s+ && r:\s+notrap\s+ && r:\s+nopeer\s+ && r:\s+noquery'

- 'f:/etc/ntp.conf -> r:^restrict\s+-6\s+default && r:\s+kod\s+ && r:\s+nomodify\s+ && r:\s+notrap\s+ && r:\s+nopeer\s+ && r:\s+noquery'

File: https://github.com/wazuh/wazuh/blob/master/etc/sca/debian/cis_debian9_L1.yml

[cristgl]

Hi @nimeops,

Thank you so much for reporting this bug, it has been fixed in this PR wazuh/wazuh-ruleset#521. You can follow the revision and merge of it in the mentioned link.

Best regards and thank you again,
Cristina