The “AUDIT_DENIED_OPEN_PORTS” audit check is used to define an open port based policy. Users can specify which ports cannot be open a given system, and if those ports open, then it will be considered a failure. A comma separates more than one port, and the port value could also be a regex.



description: "Do not allow port 23 (telnet) to be open"

port_type: TCP

ports: "23"