The “FILE_CHECK_NOT” audit consists of three or more keywords. The keywords “type”, “description” and “file” are mandatory and are followed by one or more checks. Current syntax supports checking for owner, group and file permissions. Similar to the FILE_CHECK audit, the “ignore” keyword can be used to ignore one or more files if a file glob is specified.
This function is the opposite of FILE_CHECK. A policy fails if a file does not exist or if its mode is the same as the one defined in the check itself.
It is possible to use globs in FILE_CHECK_NOT (e.g., /var/log/*). However, note that globs will only be expanded to files, not to directories.
description: "Make sure /bin/bash does NOT belong to root"
description: "Make sure that /usr/bin/ssh does NOT exist"
description: "Make sure /root is NOT world writeable"
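The pass/fail rule and the glob behaviour described above, modelled in Python as an added example (it is not Tenable's code and not part of the original page). The function name file_check_not, the octal mode strings, the rule that any single matching attribute fails the item, and the temporary files are assumptions of this example.

```python
import glob, grp, os, pwd, stat, tempfile

def file_check_not(path, owner=None, group=None, mode=None, ignore=()):
    """Model of one FILE_CHECK_NOT item; returns (passed, findings)."""
    if any(c in path for c in "*?["):
        # Globs expand to files only; matching directories are dropped.
        targets = [p for p in sorted(glob.glob(path)) if os.path.isfile(p)]
    else:
        targets = [path]
    skipped = {p for pat in ignore for p in glob.glob(pat)}
    findings = []
    for p in (t for t in targets if t not in skipped):
        if not os.path.exists(p):
            # A missing file fails the item, as the page states.
            findings.append((p, "does not exist"))
            continue
        st = os.stat(p)
        # Opposite of FILE_CHECK: a match with the stated value is the failure.
        if owner is not None and pwd.getpwuid(st.st_uid).pw_name == owner:
            findings.append((p, "owner is " + owner))
        if group is not None and grp.getgrgid(st.st_gid).gr_name == group:
            findings.append((p, "group is " + group))
        if mode is not None and stat.S_IMODE(st.st_mode) == int(mode, 8):
            findings.append((p, "mode is " + mode))
    return (not findings, findings)

def demo():
    """Run the model against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as d:
        for name, perm in (("a.log", 0o600), ("b.log", 0o644)):
            fp = os.path.join(d, name)
            open(fp, "w").close()
            os.chmod(fp, perm)
        sub = os.path.join(d, "sub.log")  # directory that also matches *.log
        os.mkdir(sub)
        os.chmod(sub, 0o755)
        pat, b = os.path.join(d, "*.log"), os.path.join(d, "b.log")
        return {
            "glob_644": file_check_not(pat, mode="644"),
            "glob_644_ignore": file_check_not(pat, mode="644", ignore=[b]),
            "glob_755": file_check_not(pat, mode="755"),  # directory skipped
            "literal_dir_755": file_check_not(sub, mode="755"),
            "missing": file_check_not(os.path.join(d, "nope"), owner="root"),
        }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The glob_755 case passes even though sub.log has mode 755, because the glob never reaches directories; a directory has to be named literally to be checked.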