Check Types
The syntax for the VMware .audit capability relies heavily on XPath and XSL Transforms (XSLT) to perform its checks.
The VMware audit supports three types of checks:
AUDIT_VM
This check type allows you to audit virtual machine settings (see Appendix C for more information):
<custom_item>
type: AUDIT_VM
description: "VM Setting - 'vmsafe.enable = False'"
xsl_stmt: "<xsl:template match=\"audit:returnval\">"
xsl_stmt: "<xsl:value-of select=\"audit:propSet/audit:val[@xsi:type='VirtualMachineConfigInfo']/audit:name\"/> : vmsafe.enable : <xsl:value-of select=\"audit:propSet/audit:val[@xsi:type='VirtualMachineConfigInfo']/audit:extraConfig[audit:key[text()='vmsafe.enable']]/audit:value\"/>."
xsl_stmt: "</xsl:template>"
expect: "vmsafe.enable : 0"
</custom_item>
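The following is an added example, not part of the original page or the vendor's code. It emulates the AUDIT_VM template above in Python so a check can be dry-run against sample data, and shows that a VM where the key was never set renders an empty value and does not match the expect string. Assumptions: the audit prefix is bound to the vSphere API namespace urn:vim25, expect is applied as a regular-expression search on each rendered line, and the sample response and helper names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: "audit" is bound to the vSphere API namespace (urn:vim25).
NS = {"audit": "urn:vim25",
      "xsi": "http://www.w3.org/2001/XMLSchema-instance"}

def _vm(name, extra):
    """Build one constructed audit:returnval for a VM with the given extraConfig."""
    opts = "".join(f"<extraConfig><key>{k}</key><value>{v}</value></extraConfig>"
                   for k, v in extra.items())
    return ("<returnval><propSet><name>config</name>"
            f'<val xsi:type="VirtualMachineConfigInfo"><name>{name}</name>{opts}'
            "</val></propSet></returnval>")

# Constructed sample response: compliant VM, non-compliant VM, key never set.
SAMPLE = ('<resp xmlns="urn:vim25" '
          'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
          + _vm("web01", {"vmsafe.enable": "0"})
          + _vm("web02", {"vmsafe.enable": "1"})
          + _vm("db01", {"isolation.tools.copy.disable": "true"})
          + "</resp>")

CFG = "audit:propSet/audit:val[@xsi:type='VirtualMachineConfigInfo']"

def render(returnval, key):
    """Emulate the AUDIT_VM template for one audit:returnval element."""
    name = returnval.findtext(f"{CFG}/audit:name", default="", namespaces=NS)
    # [audit:key='k'] is ElementTree's form of the page's [audit:key[text()='k']].
    value = returnval.findtext(
        f"{CFG}/audit:extraConfig[audit:key='{key}']/audit:value",
        default="", namespaces=NS)
    # Like xsl:value-of, a missing node renders as an empty string.
    return f"{name} : {key} : {value}."

def evaluate(xml_text, key, expect):
    """Return {rendered line: matched}, treating expect as a regex search."""
    root = ET.fromstring(xml_text)
    lines = [render(rv, key) for rv in root.findall("audit:returnval", NS)]
    return {line: re.search(expect, line) is not None for line in lines}

if __name__ == "__main__":
    for line, ok in evaluate(SAMPLE, "vmsafe.enable", "vmsafe.enable : 0").items():
        print("MATCH   " if ok else "NO MATCH", line)
```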
AUDIT_ESX
This check type allows you to audit ESX/ESXi server settings:
<custom_item>
type: AUDIT_ESX
description : "ESX/ESXi Setting - Syslog.global.logDir"
xsl_stmt: "<xsl:template match=\"audit:returnval\">"
xsl_stmt: "Syslog.global.logDir : <xsl:value-of select=\"audit:propSet/audit:val[@xsi:type='HostConfigInfo']/audit:option[audit:key[text()='Syslog.global.logDir']]/audit:value\"/>"
xsl_stmt: "</xsl:template>"
expect: "Syslog.global.logDir : /foo/bar"
</custom_item>
AUDIT_VCENTER
This check type allows you to audit vCenter settings:
<custom_item>
type: AUDIT_VCENTER
description: "VMware vCenter Setting - config.vpxd.hostPasswordLength"
xsl_stmt: "<xsl:template match=\"audit:returnval\">"
xsl_stmt: "config.vpxd.hostPasswordLength : <xsl:value-of select=\"audit:propSet/audit:val[@xsi:type='ArrayOfOptionValue']/audit:OptionValue[audit:key[text()='config.vpxd.hostPasswordLength']]/audit:value\"/>"
xsl_stmt: "</xsl:template>"
expect: "config.vpxd.hostPasswordLength : 30"
</custom_item>