Windows Example Audit Items

Nessus can test for any setting that can be configured as a “policy” under the Microsoft Windows framework. There are several hundred registry settings that can be audited and the permissions of files, directories, and objects can also be analyzed. A partial list of example audits includes testing the settings of the following:

Account lockout duration
Retain security log
Allow log on locally
Enforce Password History

Windows Example 1

The following example audit looks for the setting "Minimum password length" on a Windows server and generates an alert if the value is not equal to seven characters.

<item>

name: "Minimum password length"

value: 7

</item>

Windows Example 2

Nessus can also search Windows computers for sensitive data. The following is an example that searches for Visa credit card numbers in Excel, Adobe, and text files.

<item>

type: FILE_CONTENT_CHECK

description: "Determine if a file contains a valid VISA Credit Card Number"

file_extension: "xls" | "xlsx" | "pdf" | "txt"

regex: "([^0-9-]|^)(4[0-9]{3}( |-|)([0-9]{4})( |-|)([0-9]{4})( |-|)([0-9 {4}))([^0-9-]|$)"

expect: "VISA" | "credit" | "Visa" | "CCN"

max_size: "50K"

only_show: "4"

</item>