Audit policies can be forced to output a specific result by making use of the
report keyword. Report types of PASSED, FAILED, and WARNING can be used. Below is an example policy:
<report type: "WARNING">
description: "Audit 103-a requires a physical inspection of the pod bay doors Hal"
The text inside the “
description” field would always be displayed in the report.
This type of reporting is useful if you wish to inform an auditor that an actual check being performed by Nessus cannot be accomplished. For example, perhaps there is a requirement to determine that a specific system has been physically secured and we wish to inform the auditor to perform the check or inspection manually. This type of report is also useful if the specific type of audit required to be performed by Nessus has not been determined with an OVAL check.