In the Scan Parameters section, identify the scan parameters that the scanning engine will use to gather data for the control. Depending on the control type, there will be one or more scan parameters required. The scan parameters combined make up a unique data point. Each data point must have a description associated with it which will appear in compliance policies and reports.
The following table shows the scan parameters required for each control type.
| Control Type | File/Directory Path | Regular Expression | Hash Type | Data Type |
|---|---|---|---|---|
| File/Directory Existence | Required | | | Boolean |
| File/Directory Permission | Required | | | String |
| File Content Check | Required | Required | | Line List |
| File Integrity Check | Required | | Required | String |
You must provide the path to the file or directory to be evaluated on your Unix system.
The regular expression parameter applies only to the file content check control type. A regular expression, as defined for the control, represents a pattern-matching rule for identifying content in a Unix file. A file content check control will return all lines in the specified file that contain the content specified by the regular expression. For example, if you enter the path "/etc/resolv.conf" and the regular expression "^nameserver", the check returns all lines that start with the string "nameserver" in the file "/etc/resolv.conf". See Sample Unix File Content Checks for more examples. See Regular Expression Symbols for standard symbols and their meanings.
PCRE standard: The compliance module implements Perl Compatible Regular Expressions (PCRE) following the PCRE standard. For information on this standard, go to http://www.pcre.org/. For information on building proper regular expressions for controls using this standard, go to http://perldoc.perl.org/perlre.html. Note that users should escape special characters in PCRE regular expressions for string matching to occur correctly:
( ) [ ] | ^ $ -
For example, to match the string "(cs" you must enter "\(cs" (add backslash before the special character).
For a file integrity check control, the hash type identifies the algorithm to be used for computing the file hash. The supported hash types are: MD5 (insecure competitive matching only) 16-byte digest, SHA1 (insecure competitive matching only) 20-byte digest, and SHA256 (Secure) 32-byte digest.
The data type represents the type of data that is returned by the scanning engine for the control type. The data types available for each control type are listed below.
| Control Type | Data Type | Description |
|---|---|---|
| File/Directory Existence | Boolean | A True or False value is returned. |
| File/Directory Permission | String | A list of string values is returned. |
| File Content Check | Line List | A list of line values is returned. |
| File Integrity Check | String | A string value is returned. |
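To preview locally what each control type would return before saving a control, the following added example (not the product's own code) emulates the four checks, including the "^nameserver" pattern and the "\(cs" escaping rule described above. It assumes Python's `re` module, which treats these patterns the same way as PCRE; the function names, the ls-style permission string and the sample file contents are constructed for illustration.

```python
import hashlib
import os
import re
import stat
import tempfile

HASH_TYPES = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256"}  # hash types on the page
SPECIAL = "()[]|^$-"  # characters the page says to escape for literal matching
# Constructed sample standing in for /etc/resolv.conf.
SAMPLE = "# nameserver (cs lab)\nnameserver 192.0.2.53\nsearch example.test\nnameserver 192.0.2.54\n"

def escape_literal(text):
    """Backslash-escape the listed special characters in a literal string."""
    return "".join("\\" + c if c in SPECIAL else c for c in text)

def permission(path):
    """File/Directory Permission -> String (ls-style mode; format is an assumption)."""
    return stat.filemode(os.stat(path).st_mode)

def content_check(path, pattern):
    """File Content Check -> Line List: every line the regular expression matches."""
    rx = re.compile(pattern)
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [line.rstrip("\n") for line in fh if rx.search(line)]

def integrity_check(path, hash_type):
    """File Integrity Check -> String: hex digest for the chosen hash type."""
    h = hashlib.new(HASH_TYPES[hash_type])
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def demo():
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(SAMPLE)
    try:
        os.chmod(fh.name, 0o644)
        return {"exists": os.path.exists(fh.name),  # Existence -> Boolean
                "mode": permission(fh.name),
                "lines": content_check(fh.name, "^nameserver"),
                "literal": content_check(fh.name, escape_literal("(cs")),
                "sha256": integrity_check(fh.name, "SHA256")}
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print(demo())
```

Passing the unescaped string "(cs" as the pattern raises a regular expression compile error here, which is the failure the escaping rule prevents.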
Enter a description for the control. A custom control represents the set of scan parameters that define a unique data point. The description will be saved as part of the data point configuration.