SVC_PROP

The “SVC_PROP” audit check lets one interact with the svcprop –p tool on a Solaris 10 system. This can be used to query properties associated with a specific service. The service keyword is used to specify the service that is being audited. The property keyword specifies the name of the property that we want to query. The value keyword is the expected value of the property. The expected value can also be a regex.

The svcprop_option field can be set to specify if the audited string being searched for is required to be present or not. This field access CAN_BE_NULL or CANNOT_BE_NULL as arguments.

Tip: For information about the parameters commonly found in Unix custom items, see Unix Configuration Keywords.

Examples

<custom_item>

type: SVC_PROP

description: "Check service status"

service: "cde-ttdbserver:tcp"

property: "general/enabled"

value: "false"

</custom_item>

<custom_item>

type: SVC_PROP

description: "Make sure FTP logging is set"

service: "svc:/network/frp:default"

property: "inetd_start/exec"

regex: ".*frpd.*-1"

</custom_item>

<custom_item>

type: SVC_PROP

description: "Check if ipfilter is enabled – can be missing or not found"

service: "network/ipfilter:default"

property: "general/enabled"

value: "true"

svcprop_option: CAN_BE_NULL

</custom_item>