FILE_CONTENT_CHECK_NOT

This audit examines the contents of a file for a match with the regex description in the regex field. This function negates FILE_CONTENT_CHECK. That is, a policy fails if the regex does match in the file. Use the “ignore” keyword to ignore one or more files from the specified search location(s).

This policy item checks if the file contains the regular expression regex and that this expression does not match expect.

Both regex and expect must be specified in this check.

Tip: For information about the parameters commonly found in Unix custom items, see Unix Configuration Keywords.

Example

<custom_item>

type: FILE_CONTENT_CHECK_NOT

description: "Make sure NIS is not enabled on the remote host by making sure that '+::' is not in /etc/passwd"

file: "/etc/passwd"

regex: "^\+::"

expect: "^\+::"

file_required: NO

string_required: NO

</custom_item>