The “AUDIT_DENIED_OPEN_PORTS” audit check is used to define an open port based policy. Users can specify which ports cannot be open a given system, and if those ports open, then it will be considered a failure. A comma separates more than one port, and the port value could also be a regex.

Tip: For information about the parameters commonly found in Unix custom items, see Unix Configuration Keywords.



description: "Do not allow port 23 (telnet) to be open"

port_type: TCP

ports: "23"