FILE_PERMISSIONS

This policy item checks if the FILE_PERMISSIONS ACL is correct. The check is performed by calling the function GetSecurityInfo with level 7 on the file handle.

Note: To function properly, this check requires remote registry access on the remote Windows system.

Usage

<custom_item>
type: FILE_PERMISSIONS
description: ["description"]
value_type: [value_type]
value_data: [value]
(optional) check_type: [value]
file: ["filename"]
(optional) acl_option: [acl_option]
</custom_item>

The allowed type is:

value_type: FILE_ACL
value_data: "ACLname"
file: "PATH\Filename"

The following predefined paths can be used in the file/folder name:

%allusersprofile%

%windir%

%systemroot%

%commonfiles%

%programfiles%

%systemdrive%

%systemdirectory%

When using this audit, please note the following:

  • The file field must include the full path to the file or folder name (e.g., C:\WINDOWS\SYSTEM32) or make use of the above path keywords. If using path keywords, the remote registry must be enabled to allow Nessus to determine the path variable values.
  • The value_data field is the name of an ACL defined in the policy file.
  • The acl_option field can be set to CAN_BE_NULL or CAN_NOT_BE_NULL to force a success/error if the file does not exist.

Examples

<file_acl: "ACL1">

<user: "Administrators">
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "Full Control"
</user>

<user: "System">
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "Full Control"
</user>

</acl>

<custom_item>
type: FILE_PERMISSIONS
description: "Permissions for C:\WINDOWS\SYSTEM32"
value_type: FILE_ACL
value_data: "ACL1"
file: "C:\WINDOWS\SYSTEM32"
</custom_item>

<custom_item>
type: FILE_PERMISSIONS
description: "Permissions for C:\WINDOWS\SYSTEM32"
value_type: FILE_ACL
value_data: "ACL1"
file: "%SystemRoot%\SYSTEM32"
</custom_item>

When the above check is executed, the compliance module will check if the permissions defined for %SystemRoot%\SYSTEM32 match the ones described in file_acl ACL1.
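The rules listed under "When using this audit" can be checked against a policy file before a scan is run. The linter below is an added example, not Tenable code: the function name lint_file_permissions is hypothetical, and it assumes that a "full path" starts with a drive letter and that path keywords match case-insensitively.

```python
import re

# Path keywords listed on this page; case-insensitive matching is an assumption.
KEYWORDS = {"%allusersprofile%", "%windir%", "%systemroot%", "%commonfiles%",
            "%programfiles%", "%systemdrive%", "%systemdirectory%"}

def lint_file_permissions(audit_text):
    """Return (description, problem) pairs for FILE_PERMISSIONS items."""
    defined = set(re.findall(r'<file_acl\s*:\s*"([^"]+)"\s*>', audit_text))
    problems = []
    for body in re.findall(r"<custom_item>(.*?)</custom_item>", audit_text, re.S):
        pairs = (line.partition(":") for line in body.splitlines())
        fields = {k.strip(): v.strip().strip('"') for k, sep, v in pairs if sep}
        if fields.get("type") != "FILE_PERMISSIONS":
            continue
        name = fields.get("description", "<no description>")
        if fields.get("value_type") != "FILE_ACL":
            problems.append((name, "value_type must be FILE_ACL"))
        if fields.get("value_data") not in defined:
            problems.append((name, "value_data is not a defined file_acl"))
        path = fields.get("file", "")
        keyword = re.match(r"%[^%]+%", path)
        if keyword and keyword.group(0).lower() not in KEYWORDS:
            problems.append((name, "unknown path keyword"))
        elif not keyword and not re.match(r"[A-Za-z]:\\", path):  # assumed: drive-letter path
            problems.append((name, "file is not a full path"))
        if fields.get("acl_option") not in (None, "CAN_BE_NULL", "CAN_NOT_BE_NULL"):
            problems.append((name, "invalid acl_option"))
    return problems

# Constructed sample: ACL1 (user entries omitted), the page's item, one broken item.
SAMPLE = r'''<file_acl: "ACL1">
</acl>
<custom_item>
type: FILE_PERMISSIONS
description: "Permissions for C:\WINDOWS\SYSTEM32"
value_type: FILE_ACL
value_data: "ACL1"
file: "%SystemRoot%\SYSTEM32"
</custom_item>
<custom_item>
type: FILE_PERMISSIONS
description: "broken item"
value_type: FILE_ACL
value_data: "ACL2"
file: "SYSTEM32\drivers"
acl_option: MAYBE
</custom_item>'''
print(lint_file_permissions(SAMPLE))
```

The page's own item passes; the constructed "broken item" is reported for an undefined ACL name, a relative path, and an acl_option outside the two allowed values.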

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.