TOC & Recently Viewed

Recently Viewed Topics

Citrix XenServer Keywords

The following table indicates how each keyword in the Citrix XenServer compliance checks can be used:

Keyword

Example

type

AUDIT_XE

description

This keyword gives a brief description of the check that is being performed. It is required that description field be unique and no two checks should have the same description field. This is required because SecurityCenter uses this field to auto generate a plugin ID number based on the description field.

Example:

description: "List running VMs"

info

This keyword allows users to add a more detailed description to the check that is being performed. Multiple info fields are allowed with no preset limit. The info content must be enclosed in double-quotes.

Example:

info: "The allocated virtual CPUs (VCPU) should be reviewed. Desired settings depend on workload and operating system type."

see_also

This keyword allows users to include links that might provide helpful information about a check.

Example:

see_also: "http://support.citrix.com/article/CTX137828"

reference

This keyword allows including cross references for audit checks.

Example:

reference: "PCI|2.2.3,SANS-CSC|1"

solution

The keyword provides text to include solution text to fix a compliance failure.

severity

This keyword allows users to set the severity of the check. The severity can be set to HIGH, MEDIUM, or LOW.

Example:

severity: MEDIUM

cmd

This keyword specified the xe command being run on the target.

Example:

cmd: "/usr/bin/xe subject-list params=all"

regex

This keyword allows enumerating items that match a particular regex expression. If a check has “regex” keyword set, but no “expect” or “not_expect” keyword is set, then the check simply reports all items matching the regex.

Example:

regex: "power-state.+"

expect

If expect keyword is specified, then the check passes only if all results match the “expect” keyword. If a result does not match the expect keyword, then the check will fail with all the results that do not match the expect.

Example:

<custom_item>

type: AUDIT_XE

description: "List Running VMs - Any non running vms."

cmd: "/usr/bin/xe vm-list params=uuid,name-label,is-a-template,power-state,allowed-operations"

regex: "power-state .+"

expect: "running"

</custom_item>

not_expect

If not_expect keyword is set, then the check the passes as long as none of the results match the not_expect regex.

Example:

<custom_item>

type: AUDIT_XE

description: "List Running VMs"

cmd: "/usr/bin/xe vm-list params=uuid,name-label,is-a-template,power-state,allowed-operations"

regex: "power-state .+"

not_expect: "halted"

</custom_item>

ignore

This keyword allows ignoring/skipping certain items from the result.

Example:

<custom_item>

type: AUDIT_XE

description: "List halted VMs"

info: "Current guest VM status."

cmd: "/usr/bin/xe vm-list power-state=halted params=uuid,name-label,power-state"

# You can ignore VMs expected to be halted by entering their UUID here

# Example ignore

ignore: "669e1681-2968-7435-c88e-663501f7d8f3"

</custom_item>

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.