Citrix XenServer Keywords

The following table indicates how each keyword in the Citrix XenServer compliance checks can be used:

Keyword	Example
type	AUDIT_XE
description	This keyword gives a brief description of the check that is being performed. It is required that description field be unique and no two checks should have the same description field. This is required because SecurityCenter uses this field to auto generate a plugin ID number based on the description field. Example: description: "List running VMs"
info	This keyword allows users to add a more detailed description to the check that is being performed. Multiple info fields are allowed with no preset limit. The info content must be enclosed in double-quotes. Example: info: "The allocated virtual CPUs (VCPU) should be reviewed. Desired settings depend on workload and operating system type."
see_also	This keyword allows users to include links that might provide helpful information about a check. Example: see_also: "http://support.citrix.com/article/CTX137828"
reference	This keyword allows including cross references for audit checks. Example: reference: "PCI\|2.2.3,SANS-CSC\|1"
solution	The keyword provides text to include solution text to fix a compliance failure.
severity	This keyword allows users to set the severity of the check. The severity can be set to HIGH, MEDIUM, or LOW. Example: severity: MEDIUM
cmd	This keyword specified the `xe` command being run on the target. Example: cmd: "/usr/bin/xe subject-list params=all"
regex	This keyword allows enumerating items that match a particular regex expression. If a check has “`regex`” keyword set, but no “`expect`” or “`not_expect`” keyword is set, then the check simply reports all items matching the regex. Example: regex: "power-state.+"
expect	If expect keyword is specified, then the check passes only if all results match the “`expect`” keyword. If a result does not match the `expect` keyword, then the check will fail with all the results that do not match the `expect`. Example: <custom_item> type: AUDIT_XE description: "List Running VMs - Any non running vms." cmd: "/usr/bin/xe vm-list params=uuid,name-label,is-a-template,power-state,allowed-operations" regex: "power-state .+" expect: "running" </custom_item>
not_expect	If not_expect keyword is set, then the check the passes as long as none of the results match the not_expect regex. Example: <custom_item> type: AUDIT_XE description: "List Running VMs" cmd: "/usr/bin/xe vm-list params=uuid,name-label,is-a-template,power-state,allowed-operations" regex: "power-state .+" not_expect: "halted" </custom_item>
ignore	This keyword allows ignoring/skipping certain items from the result. Example: <custom_item> type: AUDIT_XE description: "List halted VMs" info: "Current guest VM status." cmd: "/usr/bin/xe vm-list power-state=halted params=uuid,name-label,power-state" # You can ignore VMs expected to be halted by entering their UUID here # Example ignore ignore: "669e1681-2968-7435-c88e-663501f7d8f3" </custom_item>