Nessus Compliance Checks Reference - ICDST

Transcription

Nessus Compliance Checks Reference
April 11, 2016

Table of Contents

Introduction
  Prerequisites
  Standards and Conventions
  Tips on String Matching
Windows Configuration Audit Compliance File Reference
  Check Type
  Value Data
  Data Types
  Complex Expressions
  The “check type” Field
  The “group policy” Field
  The “info” Field
  The “debug” Field
  ACL Format
  File Access Control Checks
  Registry Access Control Checks
  Service Access Control Checks
  Launch Permission Control Checks
  Launch2 Permission Control Checks
  Access Permission Control Checks
  Custom Items
  PASSWORD POLICY
  LOCKOUT POLICY
  KERBEROS POLICY
  AUDIT POLICY
  AUDIT POLICY SUBCATEGORY
  AUDIT POWERSHELL
  AUDIT FILEHASH POWERSHELL
  AUDIT IIS APPCMD
  AUDIT ALLOWED OPEN PORTS
  AUDIT DENIED OPEN PORTS
  AUDIT PROCESS ON PORT
  AUDIT USER TIMESTAMPS
  CHECK ACCOUNT
  CHECK LOCAL GROUP
  ANONYMOUS SID SETTING
  SERVICE POLICY
  GROUP MEMBERS POLICY
  USER GROUPS POLICY
  USER RIGHTS POLICY
  FILE CHECK
  FILE VERSION
  FILE PERMISSIONS
  FILE AUDIT
  FILE CONTENT CHECK
  FILE CONTENT CHECK NOT
  REG CHECK
  REGISTRY SETTING
  REGISTRY PERMISSIONS
  REGISTRY AUDIT
  REGISTRY TYPE
  SERVICE PERMISSIONS
  SERVICE AUDIT
  WMI POLICY
  Items
  Predefined Policies
  Forced Reporting
  Conditions
Windows Content Audit Compliance File Reference
  Check Type
  Item Format
  Command Line Examples
  Target Test File
  Example 1: Search for .tns documents that contain the word “Nessus”
  Example 2: Search for .tns documents that contain the word “France”
  Example 3: Search for .tns and .doc documents that contain the word “Nessus”
  Example 4: Search for .tns and .doc documents that contain the word “Nessus” and have an 11 digit number in them
  Example 5: Search for .tns and .doc documents that contain the word “Nessus” and have an 11 digit number in them, but only display last 4 bytes
  Example 6: Search for .tns documents that contain the word “Correlation” in the first 50 bytes
  Example 7: Controlling what is displayed in output
  Example 8: Using the file name as a filter
  Example 9: Using the inclusion/exclusion keywords
  Auditing Different Types of File Formats
  Performance Considerations
Cisco IOS Configuration Audit Compliance File Reference
  Check Type
  Keywords
  Command Line Examples
  Example 1: Search for a Defined SNMP ACL
  Example 2: Make Sure the “finger” Service is Disabled
  Example 3: Randomness Check to Verify SNMP Community Strings and Access Control are Sufficiently Random
  Example 4: Context Check to Verify SSH Access Control
  Conditions
Juniper Junos Configuration Audit Compliance File Reference
  Check Type: CONFIG CHECK
  Keywords
  CONFIG CHECK Examples
  Check Type: SHOW CONFIG CHECK
  Keywords
  SHOW CONFIG CHECK Examples
  Conditions
  Reporting
Check Point GAiA Configuration Audit Compliance File Reference
  Check Type: CONFIG CHECK
  Keywords
  CONFIG CHECK Examples
  Conditions

Copyright 2016. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc.

reference the Nessus Compliance Checks for a higher-level view of how Tenable compliance checks wor