FILE_CONTENT_CHECK

As with testing the existence and settings of a file, the content of text files can also be analyzed. Regular expressions can be used to search one or more locations for existing content. Use the “ignore” keyword to ignore one or more files from the specified search location(s).

The string_required field specifies whether the string being searched for must be present. If this option is not set, the string is assumed to be required. The file_required field specifies whether the audited file must be present. If this option is not set, the file is assumed to be required.

Examples

<custom_item>
system: "Linux"
type: FILE_CONTENT_CHECK
description: "This check reports a problem when the log level setting in the sendmail.cf file is less than the value set in your security policy."
file: "sendmail.cf"
regex: ".*LogLevel=.*$"
expect: ".*LogLevel=9"
</custom_item>

<custom_item>
system: "Linux"
type: FILE_CONTENT_CHECK
file: "sendmail.cf"
search_locations: "/etc:/etc/mail:/usr/local/etc/mail/"
regex: ".*PrivacyOptions=.*"
expect: ".*PrivacyOptions=.*,novrfy,.*"
</custom_item>

<custom_item>
#System: "Linux"
type: FILE_CONTENT_CHECK
description: "FILE_CONTENT_CHECK"
file: "/root/test2/foo*"
# ignore single file
ignore: "/root/test/2"
# ignore all files in a directory
ignore: "/root/test/*"
# ignore certain files from a directory
ignore: "/root/test/foo*"
regex: "FOO"
expect: "FOO1"
file_required: NO
string_required: NO
</custom_item>

By adding a “~” to the file parameter, FILE_CONTENT_CHECK can scan users’ home directories for non-compliant content.

<custom_item>
system: "Linux"
type: FILE_CONTENT_CHECK
description: "Check all user home directories"
file: "~/.rhosts"
ignore: "/.foo"
regex: "\\+"
expect: "\\+"
</custom_item>
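
To see how regex, expect, string_required and file_required interact before deploying an audit, the following added example (not Tenable's code and not part of the original page) models the check in Python and runs the sendmail regex/expect pairs from the examples above, with the PrivacyOptions regex taken as ".*PrivacyOptions=.*", against constructed sample lines. The function name, the PASSED/FAILED mapping and the use of unanchored Python regex matching are assumptions of this sketch; the regex engine Nessus uses may behave differently.

```python
import re

def file_content_check(files, regex, expect, file_required=True, string_required=True):
    """Simplified model of a FILE_CONTENT_CHECK item (assumption, not Nessus code).

    files maps path -> text for every file found in the search locations.
    Lines are matched with unanchored re.search, which is an assumption.
    """
    if not files:
        # Missing file: a problem only when the file is required (the default).
        return ("FAILED" if file_required else "PASSED"), ["file not found"]
    rx, ex = re.compile(regex), re.compile(expect)
    matched, bad = False, []
    for path in sorted(files):
        for num, line in enumerate(files[path].splitlines(), 1):
            if rx.search(line):          # line is in scope of the audit
                matched = True
                if not ex.search(line):  # in scope but not the expected value
                    bad.append(f"{path}:{num}: {line.strip()}")
    if bad:
        return "FAILED", bad
    if not matched and string_required:
        return "FAILED", ["required string not found"]
    return "PASSED", []

# Constructed sample input, not taken from a real host.
CF = "/etc/mail/sendmail.cf"
SAMPLES = {
    "policy value": "O LogLevel=9\nO PrivacyOptions=authwarnings,novrfy,noexpn\n",
    "lower level": "O LogLevel=4\n",
    "higher level": "O LogLevel=12\n",
    "novrfy first": "O PrivacyOptions=novrfy,noexpn\n",
}
LOG = (".*LogLevel=.*$", ".*LogLevel=9")
PRIV = (".*PrivacyOptions=.*", ".*PrivacyOptions=.*,novrfy,.*")

def run_samples():
    """Evaluate both sendmail patterns against each constructed sample."""
    out = {}
    for name, text in SAMPLES.items():
        for label, (rx, ex) in (("LogLevel", LOG), ("PrivacyOptions", PRIV)):
            out[(name, label)] = file_content_check(
                {CF: text}, rx, ex, string_required=False)[0]
    return out

if __name__ == "__main__":
    for key, result in run_samples().items():
        print(key, result)
```

In this model, LogLevel=12 and a PrivacyOptions line that lists novrfy first both fail, because the expect patterns match only the literal value 9 and only a novrfy with a comma on each side.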

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.