TOC & Recently Viewed

Recently Viewed Topics

AUDIT_XML

The “AUDIT_XML” audit check allows you to examine and audit the contents of an XML file by first applying XSL transforms, extracting relevant data, and then determine compliance based on the regex, expect, and not_expect keywords (see Appendix C for more information). The check consists of four or more keywords, keywords type, description file, and xsl_stmt directives (mandatory), which are followed by regex, expect, or not_expect keywords to audit the content.

Example

<custom_item>

type: AUDIT_XML

description: "1.14 - Ensure Oracle Database persistence plugin is set correctly - 'DatabasePersistencePlugin'"

file: "/opt/jboss-5.0.1.GA/server/all/deploy/ejb2-timer-service.xml"

xsl_stmt: "<xsl:template match=\"server\">"

xsl_stmt: "DatabasePersistencePlugin = <xsl:value-of select=\"/server/mbean[@code='org.jboss.ejb.txtimer.DatabasePersistencePolicy']/attribute[@name='DatabasePersistencePlugin']/text()\"/>"

xsl_stmt: "</xsl:template>"

regex: "DatabasePersistencePlugin = .+"

not_expect: "org.jboss.ejb.txtimer.GeneralPurposeDatabasePersistencePlugin"

</custom_item>

Note that the file keyword accepts wildcards. For example:

<custom_item>

type: AUDIT_XML

description: "1.14 - Ensure Oracle Database persistence plugin is set correctly - 'DatabasePersistencePlugin'"

file: "/opt/jboss-5.0.1.GA/server/all/deploy/ejb2-*.xml"

xsl_stmt: "<xsl:template match=\"server\">"

xsl_stmt: "DatabasePersistencePlugin = <xsl:value-of select=\"/server/mbean[@code='org.jboss.ejb.txtimer.DatabasePersistencePolicy']/attribute[@name='DatabasePersistencePlugin']/text()\"/>"

xsl_stmt: "</xsl:template>"

regex: "DatabasePersistencePlugin = .+"

not_expect: "org.jboss.ejb.txtimer.GeneralPurposeDatabasePersistencePlugin"

</custom_item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.