Fortinet FortiOS Syntax

If no regex, expect, or not_expect keywords are set, then the check will either report the entire config (or if cmd is specified the entire command output).

The above check will report the entire “config system global” context.

If only regex is specified then all lines matching the regex will be reported.

This option is primarily for informational purposes. For example, the check above will list all the admin settings under the global context. If no matching lines are found, the check will issue a WARNING result, unless required is set to YES, in which case the check will issue a FAIL.

If only expect is specified, then the check will PASS as long as a matching line/config item has been found.

The check above will pass as long as the admin password lockout is set to 300 seconds.

If only the not_expect keyword is specified, then the check will PASS as long as a matching line/config item does not exist.

The check above will FAIL if admin port is set to 443.

If both the regex and expect keywords are specified, then the regex extracts all the relevant lines from the config, and expect performs the config audit. If any line matching the regex does not match the expect, the check will FAIL.

If both the regex and not_expect keywords are specified, then the regex extracts are the relevant lines from the config, and not_expect performs the config audit. If any line matching the regex matches the not_expect, the check will FAIL.

The check above will fail if telnet is enabled in the config.

The concept of context is not applicable to all compliance plugins. When the config of a device is structured in such a way that one or more lines are applicable to a single section of the config, then we use the context keyword to audit that specific section of the .audit. For example, in the following, the example admin settings are configured/mapped to the global config:

The plugin also supports the cmd keyword. This allows users to run any get or show command, and then include the resulting output in the report.

The check above lists admin users found on the target.