BANNER_CHECK Checks
The BANNER_CHECK policy item checks whether the configuration content matches the content provided by normalizing the values to use common newline, escaping patterns, and stripping white space from the beginning and end of the policy text.
Usage
<custom_item>
type: BANNER_CHECK
description: ["description"]
item: ["config item"]
content: ["banner content"]
(optional) is_substring: [YES|NO]
</custom_item>
Keywords
| Keyword | Description |
|---|---|
| item |
The configuration items present on the target for managing banner output. The following items are supported for evaluation:
Example: <custom_item> type : BANNER_CHECK description : "inline welcome-banner is configured" item : "inline welcome-banner" content : "** No Unauthorized Access **" </custom_item> |
| content |
The content is the expected banner content. New lines in the banner are automatically processed through functions that determine delimiters and context. Example: <custom_item> type : BANNER_CHECK description : "inline sshv2-welcome-banner is configured" item : "inline sshv2-welcome-banner" content : "All access is monitored and recorded." </custom_item> |
| is_substring |
(Optional) The is_substring flag allows location-specific information to be placed in a banner. By setting to "YES", the expected banner can be a substring of the config, and not require a full match. Example: <custom_item> type : BANNER_CHECK description : "inline sshv2-welcome-banner is configured - with is_substring" item : "inline sshv2-welcome-banner" content : "access is monitored" is_substring : YES </custom_item> |