OpenStack Syntax

The syntax of an audit item for this plugin is as follows:

<custom_item>

description: "Arbitrary text"

info: "Arbitrary text"

solution: "Arbitrary text"

reference: "REF|ID1,REF|ID2"

service: 'service to audit' # compute, network or identity

request: 'rest query'

json_transform: '' (optional) # json transform to perform on the query output

expect: "" # expected value

severity: LOW MEDIUM OR HIGH

</custom_item>

Example Queries

<custom_item>

description: "OpenStack Servers and their details"

info: "The Servers and their current state will determine what services are available."

solution: "Review the list of Servers. If any are unknown or not in the expected state they should be investigated."

reference: "CCM-3|IVS-07,HIPAA|164.308(a)(2)(D),800-53|CM-2,800-53|CM-6,800-53|CM-8,800-53|PM-7,PCI-DSS|2.2"

service: 'compute'

request: 'servers/detail'

json_transform: '.servers[]|

"\n\nName: " + .name

+ "\nID: " + .id

+ "\nStatus: " + .status

+ "\nUser_ID: " + .user_id

+ "\nCreated: " + .created

+ "\nUpdated: " + .updated

+ "\nHost_ID: " + .hostId

+ "\nTenant_ID: " + .tenant_id

+ "\n- addresses: - " + ([.addresses[][].addr] | join("\n - "))

'

expect: ""

severity: LOW

</custom_item>

<custom_item>

description: "OpenStack Deployment Snapshot"

info: "The OpenStack resources and their current state will determine what services are available."

solution: "Review the list of OpenStack resources. If any are unknown they should be investigated."

reference: "CCM-3|IVS-07,HIPAA|164.308(a)(2)(D),800-53|CM-2,800-53|CM-6,800-53|CM-8,800-53|PM-7,PCI-DSS|2.2"

see_also: "http://docs.openstack.org//"

service: 'compute'

request: 'limits'

json_transform: 'openstack_data|

" Users: \(.users | length)\n"

+ ([.users[] | " \(.id) - \(.username)\n"] | sort | join(""))

+ " Servers: \(.servers | length)\n"

+ ([.servers[] | " \(.id) - \(.name)\n"] | sort | join(""))

+ " Networks: \(.networks | length)\n"

+ ([.networks|.networks[] | " \(.id) - \(.name)\n"] | sort | join(""))

+ " Ports: \(.networks |.ports | length)\n"

+ ([.networks |.ports[] | " \(.id)\n"] | sort | join(""))

+ " Subnets: \(.networks |.subnets | length)\n"

+ ([.networks |.subnets[] | " \(.id) - \(.name)\n"] | sort | join(""))

+ " Images: \(.images | length)\n"

+ ([.images[] | " \(.id) - \(.name)\n"] | sort | join(""))

'

expect: ""

severity: LOW

</custom_item>
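A small linter for the item syntax above, added here as an example (it is not Tenable's code): it parses `<custom_item>` blocks, including multi-line `json_transform` values, and checks `service`, `severity` and `reference` against the values the syntax block lists. Treating every key not marked optional as required is an assumption, and both sample items are constructed.

```python
import re

# Assumption: every key the syntax block does not mark optional is required.
REQUIRED = ("description", "info", "solution", "reference",
            "service", "request", "expect", "severity")
ALLOWED = {"service": {"compute", "network", "identity"},
           "severity": {"LOW", "MEDIUM", "HIGH"}}
ITEM_RE = re.compile(r"<custom_item>(.*?)</custom_item>", re.S)
# key: "value" | 'value' (quoted values may span lines) | bare word
FIELD_RE = re.compile(r"""^[ \t]*(\w+)[ \t]*:[ \t]*(?:"([^"]*)"|'([^']*)'|(\S+))""", re.M)

def parse_items(text):  # one {key: value} dict per <custom_item> block
    return [{m[1]: next(g for g in m.groups()[1:] if g is not None)
             for m in FIELD_RE.finditer(body)}
            for body in ITEM_RE.findall(text)]

def lint_item(item):  # list of problems found in one parsed item
    problems = [f"missing key: {k}" for k in REQUIRED if k not in item]
    for key, allowed in ALLOWED.items():
        if key in item and item[key] not in allowed:
            problems.append(f"{key}: {item[key]!r} not in {sorted(allowed)}")
    for ref in filter(None, item.get("reference", "").split(",")):
        if not re.fullmatch(r"[^|]+\|[^|]+", ref.strip()):
            problems.append(f"reference: {ref!r} is not REF|ID")
    return problems

# Constructed sample: item 1 is well formed, item 2 is deliberately broken.
SAMPLE = r'''<custom_item>
 description: "OpenStack Servers and their details"
 info: "Server state determines what services are available."
 solution: "Review the list of Servers."
 reference: "800-53|CM-8,PCI-DSS|2.2"
 service: 'compute'
 request: 'servers/detail'
 json_transform: '.servers[]|
   "\nName: " + .name + "\nStatus: " + .status'
 expect: ""
 severity: LOW
</custom_item>
<custom_item>
 description: "Constructed broken item"
 reference: "800-53 CM-8"
 service: 'storage'
 request: 'servers/detail'
 severity: CRITICAL
</custom_item>'''

for n, item in enumerate(parse_items(SAMPLE), 1):
    print(f"item {n}:", lint_item(item) or "ok")
```

The field pattern does not handle escaped quotes inside a quoted value, so a `json_transform` that itself contains a single quote needs a stricter parser.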

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.