Appendix B: Example Windows Compliance File
Note: The following file is available from the Tenable Downloads Page. The actual file may have updates that are not reflected here. The file is named financial_microsoft_windows_user_audit_guideline_v2.audit and is based on common hardening guides for user administration. This policy checks for a reasonable password policy and account lockout policy, and ensures that login events are logged to the Windows event log.
# (C) 2008 Tenable Network Security
#
# This script is released under the Tenable Subscription License and
# may not be used from within scripts released under another license
# without authorization from Tenable Network Security Inc.
#
# See the following licenses for details:
#
# http://cgi.tenablesecurity.com/Nessus_3_SLA_and_Subscription_Agreement.pdf
# http://cgi.tenablesecurity.com/Subscription_Agreement.pdf
#
# @PROFESSIONALFEED@
#
# $Revision: 1.2 $
# $Date: 2008/10/07 15:48:17 $
#
# Synopsis: This file will be read by compliance_check.nbin
# to check compliance of a Windows host to
# typical financial institution audit policy
#
<check_type:"Windows" version:"2">
<group_policy:"User audit guideline">
<item>
name: "Enforce password history"
value: 24
</item>
<item>
name: "Maximum password age"
value: 90
</item>
<item>
name: "Minimum password age"
value: 1
</item>
<item>
name: "Minimum password length"
value: [12..14]
</item>
<item>
name: "Account lockout duration"
value: [15..30]
</item>
<item>
name: "Account lockout threshold"
value: [3..5]
</item>
<item>
name: "Reset lockout account counter after"
value: [15..30]
</item>
<item>
name: "Audit account logon events"
value: "Success, Failure"
</item>
<item>
name: "Audit logon events"
value: "Success, Failure"
</item>
</group_policy>
</check_type>
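
The following Python example is added here for illustration and is not Tenable's code or part of the audit file. It parses `<item>` blocks like those above and evaluates them against constructed host settings, assuming `[min..max]` is an inclusive range and a bare number must match exactly; `parse_items`, `evaluate`, `HOST` and the PASSED/FAILED labels are hypothetical names used only in this example.

```python
import re

# Excerpt of the items above, embedded so the example runs offline.
AUDIT_TEXT = '''
<item>
name: "Enforce password history"
value: 24
</item>
<item>
name: "Minimum password length"
value: [12..14]
</item>
<item>
name: "Account lockout threshold"
value: [3..5]
</item>
<item>
name: "Audit logon events"
value: "Success, Failure"
</item>
'''

ITEM_RE = re.compile(r'<item>\s*name:\s*"([^"]+)"\s*value:\s*(.+?)\s*</item>', re.S)
RANGE_RE = re.compile(r'\[(\d+)\.\.(\d+)\]')

def parse_items(text):
    """Return {name: expected}; expected is an int, a (lo, hi) tuple, or a str."""
    items = {}
    for name, raw in ITEM_RE.findall(text):
        m = RANGE_RE.fullmatch(raw)
        if m:                                  # [lo..hi] range (assumed inclusive)
            items[name] = (int(m.group(1)), int(m.group(2)))
        elif raw.isdigit():                    # bare number: exact match
            items[name] = int(raw)
        else:                                  # quoted string such as "Success, Failure"
            items[name] = raw.strip('"')
    return items

def evaluate(items, host):
    """Compare host settings with the policy; a setting missing from host fails."""
    results = {}
    for name, expected in items.items():
        actual = host.get(name)
        if isinstance(expected, tuple):
            ok = isinstance(actual, int) and expected[0] <= actual <= expected[1]
        else:
            ok = actual == expected
        results[name] = "PASSED" if ok else "FAILED"
    return results

# Constructed host settings (hypothetical, not collected from a real system).
HOST = {"Enforce password history": 24, "Minimum password length": 8,
        "Account lockout threshold": 5}
```

With the constructed `HOST` values, the 8-character minimum length falls outside `[12..14]` and the absent "Audit logon events" setting is treated as a failure, while a lockout threshold of 5 passes at the upper edge of `[3..5]`.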