CMD_EXEC Check

The CMD_EXEC check runs a command on the target and evaluates the command's output against regular expressions to determine whether it matches the expected output.

If you use the CMD_EXEC check in an offline scan, you receive a warning stating that the command is not able to run in offline mode.

Usage

<custom_item>

type : CMD_EXEC

description : ["description"]

cmd : ["command to run"]

(optional) regex : ["regular expression to reduce config options"]

expect : ["regular expression that passes if found"]

not_expect : ["regular expression that passes if not found"]

(optional) match_all : [YES|NO]

(optional) match_case : [YES|NO]

</custom_item>

Keywords

cmd

The cmd is the command to run on the target.

regex

(Optional) Use the regex keyword to filter the full configuration down to a smaller set of lines of text based on the regular expression. You can use multiple regex keywords to narrow down the searchable configuration.

expect and not_expect

The evaluation is based on expect or not_expect. Only one of these fields can exist in a check.

  • For expect, if the regular expression matches a line of text, the check result is PASSED. If there are no matches, the check result is FAILED.

  • For not_expect, if the regular expression matches a line of text, the check result is FAILED. If there are no matches, the check result is PASSED.

To require that all lines match, or to make matching case-sensitive, use the modifiers match_all or match_case.

match_all

(Optional) Setting match_all to YES requires the expectation to match all lines of text, and not just a single line of text. If you set match_all to the default of NO, only one line must match for the check to pass.

match_case

(Optional) Setting match_case to YES makes the comparison case-sensitive. If you set match_case to the default of NO, the comparison is case-insensitive.

Example

<custom_item>

type : CMD_EXEC

description : "Ensure '3des-cbc' is disabled for SSH access"

cmd : "show running-config"

regex : "ssh server encryption"

expect : "ssh server encryption 3des-cbc disable"

</custom_item>
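
The following Python model is an added illustration, not the scanner's own code: it applies the regex, expect, not_expect, match_all and match_case rules described above to a constructed "show running-config" output so you can predict a check's result before deploying it. The function name evaluate, the sample output, the FAILED result for an empty filtered set, the use of match_case for the regex filter, and the choice to apply match_all to expect only are assumptions.

```python
import re

def evaluate(output, expect=None, not_expect=None, regex=(),
             match_all=False, match_case=False):
    """Return 'PASSED' or 'FAILED' following the keyword rules on this page."""
    # Only one of expect / not_expect can exist in a check.
    if (expect is None) == (not_expect is None):
        raise ValueError("exactly one of expect / not_expect is required")
    # match_case defaults to NO, i.e. case-insensitive comparison.
    # Assumption: the same flag is used for the regex filter.
    flags = 0 if match_case else re.IGNORECASE
    lines = [ln for ln in output.splitlines() if ln.strip()]
    # Each regex keyword narrows the searchable text to the lines it matches.
    for pattern in regex:
        lines = [ln for ln in lines if re.search(pattern, ln, flags)]
    pattern = expect if expect is not None else not_expect
    hits = [bool(re.search(pattern, ln, flags)) for ln in lines]
    if expect is not None:
        # Assumption: no lines left after filtering means no match, so FAILED.
        ok = bool(hits) and (all(hits) if match_all else any(hits))
    else:
        # Assumption: match_all is applied to expect only; any hit fails.
        ok = not any(hits)
    return "PASSED" if ok else "FAILED"

# Constructed sample output for "show running-config" (not from a real device).
SAMPLE = """\
hostname lab-fw-01
ssh server encryption 3des-cbc disable
ssh server encryption aes128-cbc enable
"""

if __name__ == "__main__":
    narrow = ["ssh server encryption"]
    want = "ssh server encryption 3des-cbc disable"
    # The check from the Example section: one matching line is enough.
    print(evaluate(SAMPLE, regex=narrow, expect=want))
    # match_all YES: the aes128-cbc line does not match, so the check fails.
    print(evaluate(SAMPLE, regex=narrow, expect=want, match_all=True))
    # Same intent written as not_expect.
    print(evaluate(SAMPLE, regex=narrow, not_expect="3des-cbc enable"))
```

With match_all set to YES, the regex filter has to be narrow enough that every remaining line is one the expect pattern should match; otherwise an unrelated line that survives the filter fails the check.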