TOC & Recently Viewed

Recently Viewed Topics

AUDIT_XML

The “AUDIT_XML” audit check allows you to examine and audit the contents of an XML file by first applying XSL transforms, extracting relevant data, and then determine compliance based on the regex, expect, and not_expect keywords (see Appendix C for more information). The check consists of four or more keywords, keywords type, description file, and xsl_stmt directives (mandatory), which are followed by regex, expect, or not_expect keywords to audit the content.

Example

<custom_item>

type: AUDIT_XML

description: "1.14 - Ensure Oracle Database persistence plugin is set correctly - 'DatabasePersistencePlugin'"

file: "/opt/jboss-5.0.1.GA/server/all/deploy/ejb2-timer-service.xml"

xsl_stmt: "<xsl:template match=\"server\">"

xsl_stmt: "DatabasePersistencePlugin = <xsl:value-of select=\"/server/mbean[@code='org.jboss.ejb.txtimer.DatabasePersistencePolicy']/attribute[@name='DatabasePersistencePlugin']/text()\"/>"

xsl_stmt: "</xsl:template>"

regex: "DatabasePersistencePlugin = .+"

not_expect: "org.jboss.ejb.txtimer.GeneralPurposeDatabasePersistencePlugin"

</custom_item>

Note that the file keyword accepts wildcards. For example:

<custom_item>

type: AUDIT_XML

description: "1.14 - Ensure Oracle Database persistence plugin is set correctly - 'DatabasePersistencePlugin'"

file: "/opt/jboss-5.0.1.GA/server/all/deploy/ejb2-*.xml"

xsl_stmt: "<xsl:template match=\"server\">"

xsl_stmt: "DatabasePersistencePlugin = <xsl:value-of select=\"/server/mbean[@code='org.jboss.ejb.txtimer.DatabasePersistencePolicy']/attribute[@name='DatabasePersistencePlugin']/text()\"/>"

xsl_stmt: "</xsl:template>"

regex: "DatabasePersistencePlugin = .+"

not_expect: "org.jboss.ejb.txtimer.GeneralPurposeDatabasePersistencePlugin"

</custom_item>

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.