TOC & Recently Viewed

Recently Viewed Topics

SVC_PROP

The “SVC_PROP” audit check lets one interact with the svcprop –p tool on a Solaris 10 system. This can be used to query properties associated with a specific service. The service keyword is used to specify the service that is being audited. The property keyword specifies the name of the property that we want to query. The value keyword is the expected value of the property. The expected value can also be a regex.

The svcprop_option field can be set to specify if the audited string being searched for is required to be present or not. This field access CAN_BE_NULL or CANNOT_BE_NULL as arguments.

Examples

<custom_item>

type: SVC_PROP

description: "Check service status"

service: "cde-ttdbserver:tcp"

property: "general/enabled"

value: "false"

</custom_item>

<custom_item>

type: SVC_PROP

description: "Make sure FTP logging is set"

service: "svc:/network/frp:default"

property: "inetd_start/exec"

regex: ".*frpd.*-1"

</custom_item>

<custom_item>

type: SVC_PROP

description: "Check if ipfilter is enabled – can be missing or not found"

service: "network/ipfilter:default"

property: "general/enabled"

value: "true"

svcprop_option: CAN_BE_NULL

</custom_item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.