CONFIG_CHECK and CONFIG_CHECK_NOT Checks
The CONFIG_CHECK check analyzes the configuration for regular expressions to identify if a configuration is set.
The CONFIG_CHECK_NOT check gives the opposite result as CONFIG_CHECK, and analyzes the configuration to identify if a regular expression is not present, which indicates the configuration is not set.
type : CONFIG_CHECK
description : ["description"]
(optional) context : ["regular expression to create contexts"]
(optional) regex : ["regular expression to reduce config options"]
item : ["regular expression of text that needs to be found"]
(optional) match_all : [YES|NO]
(optional) match_case : [YES|NO]
(Optional) The context is a regular expression that returns one or more subsets of the configuration. When the context matches a line, it returns that line and any other lines directly below it that are indented more than the initial matching line. Multiple contexts can be used to narrow down then searchable configuration.
(Optional) Filters the full configurations to a smaller set of lines of text based on the regular expression. Multiple regex can be used to narrow down the searchable configuration, and they are applied in the order that they are listed in the check.
The evaluation is based on item.
- For CONFIG_CHECK, if the regular expression in the item matches a line of text, the check results as PASSED. If there are no matches, the check results as FAILED.
- For CONFIG_CHECK_NOT, if the regular expression in the item matches a line of text, the check results as FAILED. If there are no matches, the check results as PASSED.
To indicate if all lines need to match or that lines are case-sensitive, use the modifiers match_all or match_case.
(Optional) When set to YES, requires the item to match all lines of text, instead of a single line of text. By default, is set to NO, which requires only one line to match for the check to pass.
(Optional) When set to YES, makes the comparison case sensitive. By default, is set to NO, which makes the comparison case insensitve.
type : CONFIG_CHECK
description : "Ensure 'TLS 1.0' is set for HTTPS access"
regex : "ssl cipher tlsv1 custom"
item : "ssl cipher tlsv1 custom \"[Aa][Ee][Ss]256-[Ss][Hh][Aa]\""