The “AUDIT_ALLOWED_OPEN_PORTS” audit check is used to define an open port based policy. Users can specify which ports can be open on a given system, and if any other ports apart from the specified ports are open, then it will be considered a failure. A comma separates more than one port, and the port value could also be a regex.

Tip: For information about the parameters commonly found in Unix custom items, see Unix Configuration Keywords.



description: "Only allow port 80,443, 808[0-9] open on Web Server"

port_type: TCP

ports: "80,443, 808[0-9]"