You are here: Compliance Check Types > Unix Configuration > Conditions

TOC & Recently Viewed

Recently Viewed Topics

Conditions

It is possible to define if/then/else logic in the Unix policy. This allows the end-user to use a single file that is able to handle multiple configurations. For instance, the same policy file can check the settings for Postfix and Sendmail by using the proper if/then/else syntax.

The syntax to perform conditions is the following:

<if>

<condition type: "or">

<Insert your audit here>

</condition>

<then>

<Insert your audit here>

</then>

<else>

<Insert your audit here>

</else>

</if>

Example

<if>

<condition type: "or">

<custom_item>

type: FILE_CHECK

description: "Make sure /etc/passwd contains root"

file: "/etc/passwd"

owner: "root"

</custom_item>

</condition>

 

<then>

<custom_item>

type: FILE_CONTENT_CHECK

description: "Make sure /etc/passwd contains root (then)"

file: "/etc/passwd"

regex: "^root"

expect: "^root"

</custom_item>

</then>

 

<else>

<custom_item>

type: FILE_CONTENT_CHECK

description: "Make sure /etc/passwd contains root (else)"

file: "/etc/passwd"

regex: "^root"

expect: "^root"

</custom_item>

</else>

</if>

Whether the condition fails or passes never shows up in the report because it is a “silent” check.

Conditions can be of type and or or.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.