
SERVICE_AUDIT

This policy item checks whether the audit ACL on a service matches the ACL named in the policy file. The check is performed by calling the function QueryServiceObjectSecurity on the service handle.

Usage

<custom_item>

type: SERVICE_AUDIT

description: ["description"]

value_type: [value_type]

value_data: [value]

(optional) check_type: [value]

service: ["servicename"]

(optional) acl_option: [acl_option]

</custom_item>

The allowed type is:

value_type: SERVICE_ACL

value_data: "ACLname"

service: "ServiceName"

When using this audit type, please note the following:

  • The value_data field is the name of the ACL defined in the policy file.
  • The acl_option field can be set to CAN_BE_NULL or CAN_NOT_BE_NULL to force a success/error if the key does not exist.
  • The acl_allow and acl_deny fields correspond to “Successful” and “Failed” audit events.

Example

Here is an example .audit file for auditing the “Alerter” service:

<custom_item>

type: SERVICE_AUDIT

description: "Audit for Alerter Service"

value_type: SERVICE_ACL

value_data: "ACL3"

service: "Alerter"

</custom_item>
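To inspect by hand what this check evaluates, the sketch below decodes the audit (SACL) entries of a service security descriptor in SDDL form, the format `sc.exe sdshow` prints, and reports which service rights are audited for successful and for failed access. It is an added example, not Tenable's code; the SDDL string and the function name `parse_service_sacl` are constructed for illustration.

```python
import re

# SDDL two-letter rights codes as they apply to Windows service objects.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
ACE_RE = re.compile(r"\(([^()]*)\)")

# Constructed sample: a DACL followed by a SACL with two audit ACEs.
SAMPLE_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)(AU;SAFA;WDWO;;;BA)")


def _pairs(token):
    """Split a run of two-letter SDDL codes, e.g. 'SAFA' -> ['SA', 'FA']."""
    return [token[i:i + 2] for i in range(0, len(token), 2)]


def parse_service_sacl(sddl):
    """Return the audit ACEs in an SDDL string; [] when it carries no SACL."""
    start = sddl.find("S:")  # "S:" only ever introduces the SACL component
    if start < 0:
        return []
    entries = []
    for body in ACE_RE.findall(sddl[start:]):
        fields = body.split(";")  # type;flags;rights;guid;inherit_guid;trustee
        if len(fields) < 6 or fields[0] != "AU":
            continue  # only plain audit ACEs are decoded in this example
        flags, rights = _pairs(fields[1]), fields[2]
        names = [rights] if rights.startswith("0x") else [
            SERVICE_RIGHTS.get(code, code) for code in _pairs(rights)]
        entries.append({
            "trustee": fields[5],
            "successful": "SA" in flags,  # "Successful" events (acl_allow)
            "failed": "FA" in flags,      # "Failed" events (acl_deny)
            "rights": names,
        })
    return entries


if __name__ == "__main__":
    for ace in parse_service_sacl(SAMPLE_SDDL):
        print(ace["trustee"], "successful:", ace["successful"],
              "failed:", ace["failed"], ", ".join(ace["rights"]))
```

A descriptor with no `S:` component yields an empty list, which is the case the acl_option setting decides how to score.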

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.