You are here: Compliance Check Types > Windows Configuration > Value Data > The "check_type" Field

The "check_type" Field

This check type is different than the check_type field specified in the Windows Configuration topic that is used at the beginning of each audit file to denote the generic audit type (Windows, FileContent, Unix, Database, Cisco). It is optional and can be performed against Windows value_data values to determine the type of check to be performed. The following settings are available:

  • CHECK_EQUAL: compare the remote value against the policy value (default if check_type is missing)
  • CHECK_EQUAL_ANY: checks that each element of value_data is at least present once in the system list
  • CHECK_NOT_EQUAL: checks the remote value is different than the policy value
  • CHECK_GREATER_THAN: checks the remote value is greater than the policy value
  • CHECK_GREATER_THAN_OR_EQUAL: checks the remote value is greater or equal than the policy value
  • CHECK_LESS_THAN: checks the remote value is less than the policy value
  • CHECK_LESS_THAN_OR_EQUAL: checks the remote value is less or equal than the policy value
  • CHECK_REGEX: checks that the remote value match the regex in the policy value (only works with POLICY_TEXT and POLICY_MULTI_TEXT)
  • CHECK_SUBSET: checks that the remote ACL is a subset of the policy ACL (only works with ACLs)
  • CHECK_SUPERSET: checks that the remote ACL is a superset of the policy ACL (only works with deny rights ACLs)

Following is an example audit to check to make sure that the account name "Guest" does not exist for any Guest account.

<custom_item>

type: CHECK_ACCOUNT

description: "Accounts: Rename guest account"

value_type: POLICY_TEXT

value_data: "Guest"

account_type: GUEST_ACCOUNT

check_type: CHECK_NOT_EQUAL

</custom_item>

If any other value besides "Guest" is present, the test will pass. If "Guest" is found, the audit will fail.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.