Recently Viewed Topics
CONFIG_CHECK and CONFIG_CHECK_NOT Checks
The CONFIG_CHECK check analyzes the configuration for regular expressions to identify if a configuration is set.
The CONFIG_CHECK_NOT check gives the opposite result as CONFIG_CHECK, and analyzes the configuration to identify if a regular expression is not present, which indicates the configuration is not set.
type : CONFIG_CHECK
description : ["description"]
(optional) context : ["regular expression to create contexts"]
(optional) regex : ["regular expression to reduce config options"]
item : ["regular expression of text that needs to be found"]
(optional) match_all : [YES|NO]
(optional) match_case : [YES|NO]
(Optional) The context is a regular expression that returns one or more subsets of the configuration. When the context matches a line, it returns that line and any other lines directly below it that are indented more than the initial matching line. Multiple contexts can be used to narrow down then searchable configuration.
(Optional) The regex is used to filter the full configurations, or each of the context configurations, to a smaller set of lines of text based on the regular expression. Multiple regex can be used to narrow down the searchable configuration, and they are applied in the order that they are listed in the check.
The evaluation is based on item.
- For CONFIG_CHECK, if the regular expression in the item matches a line of text, the check results as PASSED. If there are no matches, the check results as FAILED.
- For CONFIG_CHECK_NOT, if the regular expression in the item matches a line of text, the check results as FAILED. If there are no matches, the check results as PASSED.
To indicate if all lines need to match or that lines are case-sensitive, use the modifiers match_all or match_case.
(Optional) Setting match_all to YES requires the item to match all lines of text, and not just a single line of text. If match_all is set to the default NO, only one line must match for the check to pass.
(Optional) Setting match_case to YES makes the comparison case sensitive. If match_case is set to the default NO, the comparison is case insensitve.
type : CONFIG_CHECK
description : "Ensure 'TLS 1.0' is set for HTTPS access"
regex : "ssl cipher tlsv1 custom"
item : "ssl cipher tlsv1 custom \"[Aa][Ee][Ss]256-[Ss][Hh][Aa]\""