The "check_type" Field
This check type is different from the check_type field specified in the Windows Configuration topic, which is used at the beginning of each audit file to denote the generic audit type (Windows, FileContent, Unix, Database, Cisco). It is optional and can be used with value_data values to determine the type of check to be performed. The following settings are available:
- CHECK_EQUAL: compare the remote value against the policy value (default if
- CHECK_EQUAL_ANY: checks that each element of value_data is present at least once in the system list
- CHECK_NOT_EQUAL: checks that the remote value is different from the policy value
- CHECK_GREATER_THAN: checks that the remote value is greater than the policy value
- CHECK_GREATER_THAN_OR_EQUAL: checks that the remote value is greater than or equal to the policy value
- CHECK_LESS_THAN: checks that the remote value is less than the policy value
- CHECK_LESS_THAN_OR_EQUAL: checks that the remote value is less than or equal to the policy value
- CHECK_REGEX: checks that the remote value matches the regex in the policy value (only works with POLICY_TEXT and POLICY_MULTI_TEXT)
- CHECK_SUBSET: checks that the remote ACL is a subset of the policy ACL (only works with ACLs)
- CHECK_SUPERSET: checks that the remote ACL is a superset of the policy ACL (only works with deny rights ACLs)
The following example audit checks that the account name "Guest" does not exist for any Guest account.
description: "Accounts: Rename guest account"
If any other value besides "Guest" is present, the test will pass. If "Guest" is found, the audit will fail.
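The comparison semantics listed above can be modelled in a few lines, which makes the direction of each check explicit (remote value on the left, policy value on the right). This is an added Python example, not Tenable's implementation and not part of the original page. Assumptions: `evaluate`, `run_item` and the dict-shaped item are hypothetical names, string comparison is exact and case-sensitive, CHECK_REGEX is an unanchored search, and ACLs are modelled as constructed (principal, right) pairs.

```python
import operator
import re

# Numeric comparisons: the remote value is always the left-hand operand.
_NUMERIC = {
    "CHECK_GREATER_THAN": operator.gt,
    "CHECK_GREATER_THAN_OR_EQUAL": operator.ge,
    "CHECK_LESS_THAN": operator.lt,
    "CHECK_LESS_THAN_OR_EQUAL": operator.le,
}

def evaluate(check_type, remote, policy):
    """Return True when `remote` satisfies `policy` under `check_type`."""
    if check_type == "CHECK_EQUAL":
        return remote == policy  # assumption: exact, case-sensitive match
    if check_type == "CHECK_NOT_EQUAL":
        return remote != policy
    if check_type in _NUMERIC:
        # Convert first: as strings, "14" would sort below "8".
        return _NUMERIC[check_type](int(remote), int(policy))
    if check_type == "CHECK_REGEX":
        # Assumption: unanchored search; anchor the pattern for a full match.
        return re.search(policy, remote) is not None
    if check_type == "CHECK_EQUAL_ANY":
        # Every policy element must appear at least once in the system list.
        return all(p in remote for p in policy)
    if check_type == "CHECK_SUBSET":
        return set(remote) <= set(policy)
    if check_type == "CHECK_SUPERSET":
        return set(remote) >= set(policy)
    raise ValueError(f"unknown check_type: {check_type}")

def run_item(item, remote):
    """Evaluate one audit item (hypothetical dict shape) against a remote value."""
    check_type = item.get("check_type", "CHECK_EQUAL")  # the field is optional
    ok = evaluate(check_type, remote, item["value_data"])
    return "PASSED" if ok else "FAILED"

# Constructed item mirroring the Guest-rename example on this page.
GUEST_ITEM = {
    "description": "Accounts: Rename guest account",
    "value_data": "Guest",
    "check_type": "CHECK_NOT_EQUAL",
}

if __name__ == "__main__":
    for name in ("Guest", "svc-visitor"):  # constructed remote account names
        print(name, "->", run_item(GUEST_ITEM, name))
```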