The following types of control values may be specified in a compliance policy or viewed from the detailed results section of your compliance policy reports.
Some control values are specified by selecting one or more fixed value checkboxes. You simply select each value you want to include in the evaluation for the control and clear (uncheck) each value you don’t want to include in the evaluation.
Some control values are specified as integers or whole numbers. Several cardinality and operator options are available when specifying the default value for an integer data type. Your cardinality and operator selection determines how the expected value will be compared to the actual results.
Some control values must be specified as a regular expression or a list of string values and regular expressions.
The compliance module implements Perl Compatible Regular Expressions (PCRE) following the PCRE standard. Several cardinality options are available when specifying the default value for this type of control. Your cardinality selection determines how the expected value will be compared to the actual results.
Some controls identify the permissions that are set on a Windows file, folder or registry key for different user groups and individual users. In order to maximize space, the compliance module assigns each permission a letter (A,B,C,D,...) and uses the letter instead of the full permission name. If you are specifying the default value for this type of control, then you must use the same mapping. See the links below for complete information and examples.
Registry Permissions (Windows)
File/Directory Permissions (Windows)
Some Unix controls identify permissions that are set on a Unix file or directory. The compliance module returns a single string literal with permissions information in this format:
OWNER:GROUP:PERMISSIONS:ABSOLUTEPATH
where each atom in the format is separated by a colon (:).
See the link below for complete information and examples.
File/Directory Permissions (Unix)
The compliance module uses 2 special codes to indicate status information about a compliance check, also referred to as a data point. These status codes may appear in your policy and results. You may also see the values "RegTopKey not found" and "RegSubKey not found" in compliance reports, which indicate that the registry key or the path to the registry key could not be found.