AUDIT_XML_VPM Checks

The AUDIT_XML_VPM policy item checks whether the configuration XML content for the Visual Policy Manager (VPM) matches the content specified by the policy. This is done by applying XSL transformations to the XML that is found, producing lines of text that are then matched against the expect or not_expect regular expression.

Usage

<custom_item>
    type : AUDIT_XML_VPM
    description : ["description"]
    xsl_stmt : ["XSLT transformations"]
    expect/not_expect : ["lines to match against"]
    (optional) regex : ["regular expression to reduce config options"]
</custom_item>

Keywords

Keyword: xsl_stmt

XSLT transformations are used to process the returned data to gather a specific configuration. The xsl_stmt tag can be a single entry or multiple entries; multiple entries are concatenated in the listed order to form one stylesheet.

Single entry example:

<custom_item>
    type : AUDIT_XML_VPM
    description : "Test AUDIT_XML_VPM - individual xsl_stmt"
    xsl_stmt : "<xsl:template match=\"vpmapp\">
    <xsl:text>Text line</xsl:text><xsl:text>&#10;</xsl:text>
    <xsl:text>Value-of select 1 - </xsl:text><xsl:value-of select=\"conditionObjects/clnt-cipher/@name\"/><xsl:text>&#10;</xsl:text>
    <xsl:text>Value-of select 2 - </xsl:text><xsl:value-of select=\"conditionObjects/clnt-cipher/@v\"/>
    </xsl:template>"
    expect : "ECDHE-RSA-AES256-GCM-SHA384"
</custom_item>

Multiple entry example (the same template split across several xsl_stmt entries):

<custom_item>
    type : AUDIT_XML_VPM
    description : "Test AUDIT_XML_VPM - multiple xsl_stmt"
    xsl_stmt : "<xsl:template match=\"vpmapp\">"
    xsl_stmt : "<xsl:text>Text line</xsl:text><xsl:text>&#10;</xsl:text>"
    xsl_stmt : "<xsl:text>Value-of select 1 - </xsl:text><xsl:value-of select=\"conditionObjects/clnt-cipher/@name\"/><xsl:text>&#10;</xsl:text>"
    xsl_stmt : "<xsl:text>Value-of select 2 - </xsl:text><xsl:value-of select=\"conditionObjects/clnt-cipher/@v\"/>"
    xsl_stmt : "</xsl:template>"
    expect : "ECDHE-RSA-AES256-GCM-SHA384"
</custom_item>

Keyword: expect and not_expect

The AUDIT_XML_VPM evaluation is based on either expect or not_expect, applied to the lines of text produced by the XSL transformation.

  • For expect, if the regular expression in the expect matches a line of text, the check passes. If there are no matches, the check fails.

  • For not_expect, if the regular expression in the not_expect matches a line of text, the check fails. If there are no matches, the check passes.

Note: Expect and not_expect are mutually exclusive. You may only use one of the two keywords per check.

Keyword: regex (optional)

The regex is used to filter the full configuration, or each of the context configurations, down to a smaller set of lines of text based on the regular expression. Multiple regex keywords can be used to narrow down the searchable configuration; they are applied in the listed order, and only the lines that survive every filter are matched against expect or not_expect.
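To make the evaluation order concrete, here is an added Python model of the whole pipeline (transform, optional regex filters, then expect/not_expect). It is not Tenable's implementation: the vpmapp template from the examples above is emulated with ElementTree rather than a real XSLT engine, and the VPM XML fragment is constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed VPM config fragment (not a real ProxySG export); it contains
# only the elements the page's XSLT template references.
VPM_XML = """<vpmapp>
  <conditionObjects>
    <clnt-cipher name="StrongCipher" v="ECDHE-RSA-AES256-GCM-SHA384"/>
  </conditionObjects>
</vpmapp>"""


def select(root, path):
    """Resolve an 'elem/elem/@attr' path, as used in the page's xsl:value-of,
    against an ElementTree element. Missing nodes yield '' (what an
    xsl:value-of on a missing node produces)."""
    elem_path, _, attr = path.partition("/@")
    node = root.find(elem_path) if elem_path else root
    if node is None:
        return ""
    return node.get(attr, "") if attr else (node.text or "")


def render_template(root):
    """Emulate the text lines the page's 'vpmapp' template emits."""
    return [
        "Text line",
        "Value-of select 1 - " + select(root, "conditionObjects/clnt-cipher/@name"),
        "Value-of select 2 - " + select(root, "conditionObjects/clnt-cipher/@v"),
    ]


def evaluate(lines, expect=None, not_expect=None, regex=()):
    """Apply each regex filter in order (keeping matching lines only), then
    the expect / not_expect rule. Exactly one of the two must be given."""
    if (expect is None) == (not_expect is None):
        raise ValueError("expect and not_expect are mutually exclusive")
    for pattern in regex:
        lines = [line for line in lines if re.search(pattern, line)]
    pattern = expect if expect is not None else not_expect
    matched = any(re.search(pattern, line) for line in lines)
    return matched if expect is not None else not matched


def run_check(xml_text, **kwargs):
    """Return PASSED or FAILED for the constructed config and the given keywords."""
    root = ET.fromstring(xml_text)
    return "PASSED" if evaluate(render_template(root), **kwargs) else "FAILED"
```

Note that a regex filter which drops the line carrying the cipher value makes an otherwise-passing expect check fail, which is the main thing to keep in mind when narrowing the searchable configuration.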