The “AUDIT_ALLOWED_OPEN_PORTS” audit check is used to define an open port based policy. Users can specify which ports can be open on a given system, and if any other ports apart from the specified ports are open, then it will be considered a failure. A comma separates more than one port, and the port value could also be a regex.
description: "Only allow port 80,443, 808[0-9] open on Web Server"
ports: "80,443, 808[0-9]"