To get to this page: Select Controls from the left menu. Go to New > Control. Click the Unix Control Types tab. Click Get Started for the File Content Check control type. (Or click edit for any control of this type you want to change.)
The File Content Check control type checks the content of a Unix file. See Sample Unix File Content Checks for sample controls that you can create.
Once the control is saved, the service assigns it a unique control ID (CID). The CID is visible when you edit the control and when you view Technical Control Information from the controls list.
In the General Information section, provide basic information for the control, including a control statement and category. See General Information for details.
In the Scan Parameters section, specify the scan parameters that the scanning engine will use to gather data for the control. Together, the scan parameters make up a single data point. You must also enter a description for the data point, which will appear in compliance policies and reports.
File path. Enter the absolute path to the file on your Unix system that will be evaluated.
Regular expression. A regular expression represents a pattern-matching rule for identifying content in a Unix file. A file content check control will return all lines in the specified file that contain the content specified by the regular expression. For example, if you enter the path "/etc/resolv.conf" and the regular expression "^nameserver" the check returns all lines that start with the string "nameserver" in the file "/etc/resolv.conf". See Sample Unix File Content Checks for more examples. See Regular Expression Symbols for standard symbols and their meanings.
PCRE standard: The compliance module implements Perl Compatible Regular Expressions (PCRE) following the PCRE standard. For information on this standard, go to http://www.pcre.org/. For information on building proper regular expressions for controls using this standard, go to http://perldoc.perl.org/perlre.html. Note that users should escape these special characters in PCRE regular expressions for string matching to occur correctly:
( ) [ ] | ^ $ -
For example, to match the string "(cs" you must enter "\(cs" (add backslash before the special character).
Data Type. (View only) The data type of the value returned by the scanning engine. For a file content check control this is set to "Line List" by default.
Description. Enter a description for the custom control which will appear in compliance policies and reports.
Click Add to add parameters and close the Scan Parameters window. You will notice the Edit Parameters button is available. Click this button to edit parameters before saving the control.
See also:
Add/Edit Scan Parameters in a New Control
Update the Data Point Description in an Existing Control
In the Control Technologies section, identify the technologies applicable to the control. For each technology, provide a rationale statement, select a cardinality (if applicable), select an operator, and set the default control value.
Enter a rationale statement describing how the control should be implemented for each technology.
Select a cardinality for the custom control. The available cardinality options are described below. X represents the value returned by the scanning engine and Y represents the expected value defined for the control.
cardinality | you are compliant when
match any | any string in X matches Y
match all | all strings in X match Y
match none | no strings in X match Y
empty | X is empty
not empty | X is not empty
Select the Lock Cardinality option to lock the cardinality. When locked, users cannot change the cardinality in the Policy Editor.
(View only) The operator "regular expression" is used to compare the results to the default value, which is specified as a regular expression.
Specify the expected value for each technology as a regular expression. A list of strings returned in the scan results will be compared to the regular expression using the selected cardinality. See Regular Expression Symbols for standard symbols and their meanings. Note that if you selected the "empty" or "not empty" cardinalities, then the Default Value field is disabled and no value is entered.
PCRE standard: The compliance module implements Perl Compatible Regular Expressions (PCRE) following the PCRE standard. For information on this standard, go to http://www.pcre.org/. For information on building proper regular expressions for controls using this standard, go to http://perldoc.perl.org/perlre.html. Note that users should escape special characters in PCRE regular expressions for string matching to occur correctly:
( ) [ ] | ^ $ -
For example, to match the string "(cs" you must enter "\(cs" (add backslash before the special character).
Select the Lock Value option to lock the default value. When locked, users cannot change the default value in the Policy Editor.
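The following is an added example, not part of the product documentation: it models in Python how the scan regular expression produces the Line List (X) and how each cardinality compares X with the expected value (Y). Python's re module stands in for the service's PCRE engine; the function names, the sample file contents and the expected value are constructed, and treating a match as an unanchored search is an assumption.

```python
import re

# Constructed sample standing in for /etc/resolv.conf on a scanned host.
SAMPLE_RESOLV_CONF = """\
# constructed example content
search corp.example
nameserver 10.0.0.53
nameserver 10.0.1.53
nameserver 8.8.8.8
"""

def collect_lines(file_text, scan_regex):
    """Scan Parameters step: return every line that contains a match (Line List X)."""
    pattern = re.compile(scan_regex)
    return [line for line in file_text.splitlines() if pattern.search(line)]

def evaluate(x, cardinality, expected_regex=None):
    """Control Technologies step: compare Line List X with expected value Y."""
    if cardinality == "empty":
        return len(x) == 0
    if cardinality == "not empty":
        return len(x) > 0
    # Assumption: a string matches Y when Y is found anywhere in it;
    # anchor Y with ^ and $ to require a whole-line match.
    hits = [re.search(expected_regex, s) is not None for s in x]
    if cardinality == "match any":
        return any(hits)
    if cardinality == "match all":
        # Vacuously true for an empty X in this model; the page does not say
        # how the service treats that case.
        return all(hits)
    if cardinality == "match none":
        return not any(hits)
    raise ValueError("unknown cardinality: " + cardinality)

def compiles(expr):
    """True if expr is a valid pattern; an unescaped "(" as in "(cs" is not."""
    try:
        re.compile(expr)
        return True
    except re.error:
        return False

if __name__ == "__main__":
    x = collect_lines(SAMPLE_RESOLV_CONF, r"^nameserver")
    y = r"^nameserver\s+10\.0\.\d+\.53$"  # hypothetical expected value
    for c in ("match any", "match all", "match none", "not empty"):
        print(c, "->", evaluate(x, c, y))
    print(compiles("(cs"), compiles(r"\(cs"))
```

With this sample, "match all" fails because one returned line points at a resolver outside the expected range, while "match any" passes on the same data, which is why the cardinality choice matters as much as the expression.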
In the References section, add or remove references to internal policies and documents. See References for details.