TOC & Recently Viewed

Recently Viewed Topics

CMD_EXEC Check

The CMD_EXEC check runs a command and analyze the output with regular expressions to to identify if a command matches the expected output.

If CMD_EXEC is used in an offline scan, a warning states that the command is not able to run in offline mode.

Usage

<custom_item>

type : CMD_EXEC

description : ["description"]

cmd : ["command to run"]

(optional) regex : ["regular expression to reduce config options"]

expect : ["regular expression that passes if found"]

not_expect : ["regular expression that passes if not found"]

(optional) match_all : [YES|NO]

(optional) match_case : [YES|NO]

</custom_item>

Keywords

cmd

The cmd is the command that should be run on the target.

regex

(Optional) The regex is used to filter the full configurations to a smaller set of lines of text based on the regular expression. Multiple regex can be used to narrow down the searchable configuration, and they are applied in the order that they are listed in the check.

expect or not_expect

The evaluation is based on expect or not_expect. Use only one of these fields in a check.

  • For expect, if the regular expression matches a line of text, the check results as PASSED. If there are no matches, the check results as FAILED.
  • For not_expect, if the regular expression matches a line of text, the check results as FAILED. If there are no matches, the check results as PASSED.

To indicate if all lines need to match or that lines are case-sensitive, use the modifiers match_all or match_case.

match_all

Setting match_all to YES requires the item to match all lines of text, and not just a single line of text. If match_all is set to the default NO, only one line must match for the check to pass.

match_case

Setting match_case to YES makes the comparison case sensitive. If match_case is set to the default NO, the comparison is case insensitve.

Example

<custom_item>

type : CMD_EXEC

description : "Ensure 'TLS 1.0' is set for HTTPS access"

cmd : "show running-config all"

regex : "ssl cipher tlsv1 custom"

expect : "ssl cipher tlsv1 custom \"[Aa][Ee][Ss]256-[Ss][Hh][Aa]\""

</custom_item>

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.