TOC & Recently Viewed

Recently Viewed Topics

GROUP_MEMBERS_POLICY

This policy item checks that there is a specific list of users present in one or more groups.

Usage

<custom_item>

type: GROUP_MEMBERS_POLICY

description: ["description"]

value_type: [value type]

value_data: [value]

(optional) check_type: [value]

group_name: ["group name"]

</custom_item>

The allowed type is:

value_type: POLICY_TEXT or POLICY_MULTI_TEXT

value_data: "user1" && "user2" && ... && "usern"

When using this audit, please note that a user name can be specified with the domain name like “MYDOMAIN\John Smith” and the group_name field specifies a single group for auditing.

Examples

A single Nessus .audit file can specify multiple different customer items, so it is very easy to audit lists of users in multiple groups. Here is an example .audit policy that looks for the “Administrators” group to only contain the “Administrator” and “TENABLE\Domain admins” user:

<custom_item>

type: GROUP_MEMBERS_POLICY

description: "Checks Administrators members"

value_type: POLICY_MULTI_TEXT

value_data: "Administrator" && "TENABLE\Domain admins"

group_name: "Administrators"

</custom_item>

Here is an example screen capture of running the above .audit file content against a Windows 2003 server:

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.