OFFLINE_BANNER_CHECK
The OFFLINE_BANNER_CHECK check uses regular expressions to search the configuration and identify whether a banner is set.
Usage
<custom_item>
type : OFFLINE_BANNER_CHECK
description : ["description"]
context : ["regular expression to create contexts"]
item : ["config item"]
content : ["banner content"]
(optional) is_substring : [YES|NO]
</custom_item>
context
The context is a regular expression that will return one or more subsets of the configuration. When the context matches a line, it will return that line and any other lines directly below it that are within curly brackets {}. Multiple contexts can be used to narrow down the searchable configuration.
A context is a block of configuration formatted like the following:
sys sshd {
allow { ALL }
banner enabled
include "Ciphers aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
MACs hmac-sha2-256
KexAlgorithms diffie-hellman-group14-sha256"
banner-text "All unauthorized activity is monitored and logged."
description none
fips-cipher-version 0
inactivity-timeout 600
log-level info
login enabled
port 22
}
item
The item is used to identify the banner text.
content
The content is the expected banner text. Newlines in the banner are automatically processed through functions that determine delimiters and context.
is_substring
The is_substring flag was added to support location-specific information being placed in a banner. When it is set to YES, the expected banner can be a substring of the banner in the config, and a full match is not required.
Example
<custom_item>
type : OFFLINE_BANNER_CHECK
description : "Check offline config for banner text"
context : "sys sshd"
item : "banner-text"
content : "All unauthorized activity is monitored and logged."
</custom_item>
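The following Python sketch models the semantics described above: context extraction, item lookup, and full versus substring comparison. It is an added example, not the product's implementation. The function names, the sample config, and the assumption that the banner value is a double-quoted string following the item are all constructed for illustration.

```python
import re

# Constructed sample config, modelled on the sys sshd block above; the
# "Site: LAB-01" suffix stands in for location-specific banner text.
SAMPLE_CONFIG = '''\
sys ntp {
    timezone UTC
}
sys sshd {
    allow { ALL }
    banner enabled
    banner-text "All unauthorized activity is monitored and logged. Site: LAB-01"
    inactivity-timeout 600
}
'''

def extract_contexts(text, pattern):
    """Each line matching `pattern`, plus the {...} block it opens (if any).
    Simplification: braces inside quoted strings are counted too."""
    lines, found = text.splitlines(), []
    for i, line in enumerate(lines):
        if not re.search(pattern, line):
            continue
        block, depth = [], 0
        for cur in lines[i:]:
            block.append(cur)
            depth += cur.count("{") - cur.count("}")
            if depth <= 0:
                break
        found.append("\n".join(block))
    return found

def banner_check(config, contexts, item, content, is_substring=False):
    """True when `item` inside the narrowed context carries the expected banner."""
    scopes = [config]
    for pattern in contexts:  # each further context narrows the previous result
        scopes = [c for s in scopes for c in extract_contexts(s, pattern)]
    # Assumption: the banner is a double-quoted string following the item name.
    item_re = re.compile(r'^\s*' + re.escape(item) + r'\s+"((?:[^"\\]|\\.)*)"', re.M)
    for scope in scopes:
        m = item_re.search(scope)
        if m and (m.group(1) == content or (is_substring and content in m.group(1))):
            return True
    return False

EXPECTED = "All unauthorized activity is monitored and logged."
print(banner_check(SAMPLE_CONFIG, ["sys sshd"], "banner-text", EXPECTED))        # full match -> False
print(banner_check(SAMPLE_CONFIG, ["sys sshd"], "banner-text", EXPECTED, True))  # substring -> True
```

With the site suffix present in the configured banner, the full-match comparison fails and only the is_substring form passes, which is the case the flag exists for.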