The "check_type" Field

This check_type is distinct from the check_type field described in the Windows Configuration topic, which appears at the beginning of each audit file to denote the generic audit type (Windows, FileContent, Unix, Database, Cisco). It is optional and can be applied to Windows value_data values to determine the type of check to be performed. The following settings are available:

  • CHECK_EQUAL: compares the remote value against the policy value (default if check_type is missing)
  • CHECK_EQUAL_ANY: checks that each element of value_data is present at least once in the system list
  • CHECK_NOT_EQUAL: checks that the remote value is different from the policy value
  • CHECK_NOT_REGEX: checks that the remote value does not match the regex in the policy value (only works with POLICY_TEXT and POLICY_MULTI_TEXT)
  • CHECK_GREATER_THAN: checks that the remote value is greater than the policy value
  • CHECK_GREATER_THAN_OR_EQUAL: checks that the remote value is greater than or equal to the policy value
  • CHECK_LESS_THAN: checks that the remote value is less than the policy value
  • CHECK_LESS_THAN_OR_EQUAL: checks that the remote value is less than or equal to the policy value
  • CHECK_REGEX: checks that the remote value matches the regex in the policy value (only works with POLICY_TEXT and POLICY_MULTI_TEXT)
  • CHECK_SUBSET: checks that the remote ACL is a subset of the policy ACL (only works with ACLs)
  • CHECK_SUPERSET: checks that the remote ACL is a superset of the policy ACL (only works with deny rights ACLs)

The following example audit checks that the account name "Guest" does not exist for any Guest account.

<custom_item>
 type: CHECK_ACCOUNT
 description: "Accounts: Rename guest account"
 value_type: POLICY_TEXT
 value_data: "Guest"
 account_type: GUEST_ACCOUNT
 check_type: CHECK_NOT_EQUAL
</custom_item>

If any other value besides "Guest" is present, the test will pass. If "Guest" is found, the audit will fail.
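
A pre-flight lint for the check_type rules listed above, as an added example that is not part of the original documentation or the product: it parses <custom_item> blocks and flags an unrecognized check_type or a regex check used with a value_type other than POLICY_TEXT or POLICY_MULTI_TEXT. The names parse_items and lint_item are hypothetical, the sample items are constructed, and Python's re module standing in for the scanner's regex engine is an assumption.

```python
import re

CHECK_TYPES = {  # the check_type values listed on this page
    "CHECK_EQUAL", "CHECK_EQUAL_ANY", "CHECK_NOT_EQUAL", "CHECK_NOT_REGEX",
    "CHECK_GREATER_THAN", "CHECK_GREATER_THAN_OR_EQUAL", "CHECK_LESS_THAN",
    "CHECK_LESS_THAN_OR_EQUAL", "CHECK_REGEX", "CHECK_SUBSET", "CHECK_SUPERSET",
}
REGEX_CHECKS = {"CHECK_REGEX", "CHECK_NOT_REGEX"}
TEXT_TYPES = {"POLICY_TEXT", "POLICY_MULTI_TEXT"}
ITEM_RE = re.compile(r"<custom_item>(.*?)</custom_item>", re.S)
# field: value, with optional surrounding double quotes removed from the value
FIELD_RE = re.compile(r'^[ \t]*(\w+)[ \t]*:[ \t]*"?(.*?)"?[ \t]*$', re.M)

def parse_items(text):
    """Return one {field: value} dict per <custom_item> block."""
    return [dict(FIELD_RE.findall(body)) for body in ITEM_RE.findall(text)]

def lint_item(item):
    """Return the problems found in one item's check_type usage."""
    problems = []
    check = item.get("check_type", "CHECK_EQUAL")  # documented default
    if check not in CHECK_TYPES:
        problems.append(f"unknown check_type {check}")
    if check in REGEX_CHECKS:
        if item.get("value_type") not in TEXT_TYPES:
            problems.append(f"{check} requires POLICY_TEXT or POLICY_MULTI_TEXT")
        try:
            # Assumption: Python's re stands in for the scanner's regex engine.
            re.compile(item.get("value_data", ""))
        except re.error as exc:
            problems.append(f"value_data is not a valid regex: {exc}")
    return problems

# Constructed sample: the page's Guest item, then two deliberately broken ones.
SAMPLE = """<custom_item>
 type: CHECK_ACCOUNT
 description: "Accounts: Rename guest account"
 value_type: POLICY_TEXT
 value_data: "Guest"
 account_type: GUEST_ACCOUNT
 check_type: CHECK_NOT_EQUAL
</custom_item>
<custom_item>
 value_type: POLICY_DWORD
 value_data: "Guest("
 check_type: CHECK_REGEX
</custom_item>
<custom_item>
 check_type: CHECK_NOT_EQAUL
</custom_item>"""
```

Running lint_item over each dict from parse_items(SAMPLE) returns an empty list for the Guest item and one or more problem strings for the other two.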