FILE_CONTENT_CHECK_NOT

This policy item checks that the file contains a match for the regular expression regex and that the matched text does not match expect. The file is read by calling the ReadFile function on the file handle.

Note: This check requires remote registry access on the remote Windows system to function properly.

Usage

<custom_item>
  type: FILE_CONTENT_CHECK_NOT
  description: ["description"]
  value_type: [value_type]
  value_data: ["filename"]
  (optional) check_type: [value]
  regex: ["regex"]
  expect: ["regex"]
  (optional) file_option: [file_option]
</custom_item>

The allowed type is:

  value_type: POLICY_TEXT
  value_data: "PATH\Filename"
  regex: "regex"
  expect: "regex"

The following predefined paths can be used in the file/folder name:

%allusersprofile%

%windir%

%systemroot%

%commonfiles%

%programfiles%

%systemdrive%

When using this audit type, please note the following:

  • The value_data field must include the full path to the file or folder name (e.g., C:\WINDOWS\SYSTEM32) or make use of the above path keywords. If using path keywords, the remote registry must be enabled to allow Nessus to determine the path variable values.
  • The regex field checks that an item is present in the file.
  • The expect field is the regular expression that the item found by regex is evaluated against. For this check type, as described at the top of this page, the item must not match it.
  • The file_option field can be set to CAN_BE_NULL to force a success if the file does not exist.
  • The file_option field can be set to CAN_NOT_BE_NULL to force an error if the file exists and is empty.

Example

<custom_item>
  type: FILE_CONTENT_CHECK_NOT
  description: "File content for C:\WINDOWS\win.ini"
  value_type: POLICY_TEXT
  value_data: "C:\WINDOWS\win.ini"
  regex: "au=.*"
  expect: "au=MPEGVideo2"
  file_option: CAN_NOT_BE_NULL
</custom_item>
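
The pass/fail logic described on this page, modeled in Python with the regex and expect values from the example above and constructed win.ini contents. This is an added illustration, not Nessus code; line-by-line matching, the ERROR result for a missing file without CAN_BE_NULL, and the FAILED result when regex finds nothing are assumptions drawn from the wording on this page.

```python
import re

PASSED, FAILED, ERROR = "PASSED", "FAILED", "ERROR"


def file_content_check_not(content, regex, expect, file_option=None):
    """Model FILE_CONTENT_CHECK_NOT. `content` is the file text, or None if the file is missing."""
    if content is None:
        # CAN_BE_NULL forces a success when the file does not exist.
        # Assumption: without it, a missing file is reported as an error.
        return PASSED if file_option == "CAN_BE_NULL" else ERROR
    if content == "" and file_option == "CAN_NOT_BE_NULL":
        # CAN_NOT_BE_NULL forces an error when the file exists but is empty.
        return ERROR
    # Assumption: the file is evaluated one line at a time.
    items = [line for line in content.splitlines() if re.search(regex, line)]
    if not items:
        # Assumption: the item must be present for the check to pass.
        return FAILED
    # The NOT variant fails as soon as any item matches `expect`.
    if any(re.search(expect, item) for item in items):
        return FAILED
    return PASSED


# Constructed sample file contents (not taken from a real system).
SAMPLES = {
    "other handler": "[mci extensions]\nau=WMPlayer\nmp3=MPEGVideo\n",
    "unwanted value": "[mci extensions]\nau=MPEGVideo2\n",
    # An unanchored expect also matches longer values that start the same way.
    "longer value": "[mci extensions]\nau=MPEGVideo20\n",
    "item absent": "[fonts]\n",
    "empty file": "",
    "missing file": None,
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        result = file_content_check_not(
            text, r"au=.*", r"au=MPEGVideo2", "CAN_NOT_BE_NULL"
        )
        print(f"{name:15} -> {result}")
```

Because expect is applied as an unanchored regular expression in this model, "au=MPEGVideo2" also rejects "au=MPEGVideo20"; anchor the pattern (for example with a trailing $) if only the exact value should be rejected.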