Check Types

The syntax of VMware .audit checks relies heavily on XPath and XSL Transforms.

The VMware audit supports three types of checks:

AUDIT_VM

This check type allows you to audit virtual machine settings (see Appendix C for more information):

<custom_item>

type: AUDIT_VM

description: "VM Setting - 'vmsafe.enable = False'"

xsl_stmt: "<xsl:template match=\"audit:returnval\">"

xsl_stmt: "<xsl:value-of select=\"audit:propSet/audit:val[@xsi:type='VirtualMachineConfigInfo']/audit:name\"/> : vmsafe.enable : <xsl:value-of select=\"audit:propSet/audit:val[@xsi:type='VirtualMachineConfigInfo']/audit:extraConfig[audit:key[text()='vmsafe.enable']]/audit:value\"/>."

xsl_stmt: "</xsl:template>"

expect: "vmsafe.enable : 0"

</custom_item>
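To show what the AUDIT_VM item above evaluates, this added example (not Tenable's code) reproduces the template's output in Python over a constructed three-VM response and matches it against the expect string. Assumptions: the audit: prefix is bound to urn:vim25, and expect is applied as a regular-expression search on the rendered text; SAMPLE, vm, opt, value_of, render and audit are illustrative names.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the audit: prefix is bound to the vSphere API namespace (urn:vim25).
NS = {"audit": "urn:vim25", "xsi": "http://www.w3.org/2001/XMLSchema-instance"}
CFG = "audit:propSet/audit:val[@xsi:type='VirtualMachineConfigInfo']"

def vm(name, extra=""):
    """Build one constructed returnval element (sample data, not a real capture)."""
    return (f'<returnval><propSet><val xsi:type="VirtualMachineConfigInfo">'
            f'<name>{name}</name>{extra}</val></propSet></returnval>')

def opt(key, value):
    """Build one constructed extraConfig key/value pair."""
    return f"<extraConfig><key>{key}</key><value>{value}</value></extraConfig>"

SAMPLE = ('<resp xmlns="urn:vim25" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
          + vm("web01", opt("vmsafe.enable", "0"))
          + vm("db01", opt("vmsafe.enable", "1"))
          + vm("legacy01")            # key not set on this VM
          + "</resp>")

def value_of(node, path):
    """Mimic xsl:value-of: text of the first match, '' when nothing matches."""
    hit = node.find(path, NS)
    return (hit.text or "") if hit is not None else ""

def render(returnval, key):
    """Text the AUDIT_VM template above would emit for one audit:returnval."""
    name = value_of(returnval, f"{CFG}/audit:name")
    # ElementTree has no text(); [audit:key='k'] is equivalent for simple elements.
    value = value_of(returnval, f"{CFG}/audit:extraConfig[audit:key='{key}']/audit:value")
    return f"{name} : {key} : {value}."

def audit(xml_text, key, expect):
    """Map each rendered line to whether the expect pattern is found in it."""
    root = ET.fromstring(xml_text)
    return {line: re.search(expect, line) is not None
            for line in (render(rv, key) for rv in root.findall("audit:returnval", NS))}

if __name__ == "__main__":
    for line, ok in audit(SAMPLE, "vmsafe.enable", "vmsafe.enable : 0").items():
        print("PASSED" if ok else "FAILED", "|", line)
```

The third VM is the case to watch: when the key is absent, value-of yields an empty string, so the rendered line ends in `vmsafe.enable : .` and does not match the expect.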

AUDIT_ESX

This check type allows you to audit ESX/ESXi server settings:

<custom_item>

type: AUDIT_ESX

description : "ESX/ESXi Setting - Syslog.global.logDir"

xsl_stmt: "<xsl:template match=\"audit:returnval\">"

xsl_stmt: "Syslog.global.logDir : <xsl:value-of select=\"audit:propSet/audit:val[@xsi:type='HostConfigInfo']/audit:option[audit:key[text()='Syslog.global.logDir']]/audit:value\"/>"

xsl_stmt: "</xsl:template>"

expect: "Syslog.global.logDir : /foo/bar"

</custom_item>

AUDIT_VCENTER

This check type allows you to audit vCenter settings:

<custom_item>

type: AUDIT_VCENTER

description: "VMware vCenter Setting - config.vpxd.hostPasswordLength"

xsl_stmt: "<xsl:template match=\"audit:returnval\">"

xsl_stmt: "config.vpxd.hostPasswordLength : <xsl:value-of select=\"audit:propSet/audit:val[@xsi:type='ArrayOfOptionValue']/audit:OptionValue[audit:key[text()='config.vpxd.hostPasswordLength']]/audit:value\"/>"

xsl_stmt: "</xsl:template>"

expect: "config.vpxd.hostPasswordLength : 30"

</custom_item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.