### Audit All Juniper Syslog Settings with CONFIG_CHECK
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/CONFIG_CHECKExamples
This example demonstrates a broad audit of all syslog-related settings on a Juniper device using Nessus CONFIG_CHECK. It uses a general regex to capture any line starting with 'syslog'.
```nessus
type: CONFIG_CHECK
description: "Audit Syslog settings"
regex: "syslog .+"
```
--------------------------------
### SHOW_CONFIG_CHECK: Juniper Archive Site Configuration
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/SHOW_CONFIG_CHECKExamples
Checks if an archive site is configured on a Juniper device, ensuring it starts with 'scp://'. This check uses SHOW_CONFIG_CHECK and validates the number of lines in the configuration.
```nessus
type: SHOW_CONFIG_CHECK
description: "6.2.2 Require Archive Site"
hierarchy: "system archival configuration archive-sites"
match: "scp://"
number_of_lines: "^([1-9]|[0-9][0-9]+)+$"
```
--------------------------------
### Example Launch2 ACL Configuration
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/Launch2PermissionControlChecks
An illustrative example of a launch2 ACL configuration, demonstrating how to grant 'Launch' permissions to 'Administrators', 'INTERACTIVE', and 'SYSTEM' users on a specific object in Tenable Nessus compliance checks.
```text
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "Launch"
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "Launch"
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "Launch"
```
--------------------------------
### Tenable Nessus KB_VALUE Example: Check Port
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/SnowflakeKBValue
An example of a KB_VALUE compliance check configuration in Tenable Nessus. This specific example checks for the port '443' by looking for numeric values in the 'public/port*' KB path.
```ini
type : KB_VALUE
description : "Check port"
kb_path : "public/port*"
regex : "[0-9]+"
expect : "443"
```
--------------------------------
### Example SHOW_CONFIG_CHECK Output (Juniper)
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/CheckTypeSHOW_CONFIG_CHECK
This snippet shows an example of the configuration output audited by the SHOW_CONFIG_CHECK. It displays system syslog configuration in its default format, including user, host, and file settings. This format differs from the CONFIG_CHECK audit.
```text
admin> show configuration system syslog
user * {
any emergency;
}
host 1.1.1.1 {
any none;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
```
--------------------------------
### REGISTRY_AUDIT Example Audit File
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/REGISTRY_AUDIT
An example of a .audit file snippet demonstrating the REGISTRY_AUDIT check. This specific example audits the registry key 'HKLM\SOFTWARE\Microsoft' against an ACL named 'ACL2', requiring remote registry access.
```text
type: REGISTRY_AUDIT
description: "Audit for HKLM\SOFTWARE\Microsoft"
value_type: REG_ACL
value_data: "ACL2"
reg_key: "HKLM\SOFTWARE\Microsoft"
```
--------------------------------
### Tenable Nessus BANNER_CHECK Example: Inline Welcome Banner
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/BlueCoatProxySGBANNER_CHECK
An example of configuring a BANNER_CHECK to verify the 'inline welcome-banner' on a target system. It requires the banner content to exactly match the provided string.
```Nessus Policy Language
type : BANNER_CHECK
description : "inline welcome-banner is configured"
item : "inline welcome-banner"
content : "** No Unauthorized Access **"
```
--------------------------------
### Nessus Policy: Advanced Conditions with Auto-Failure (Nessus Policy Language)
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/UnixConditions
An advanced example showcasing nested conditional logic with an 'AND' condition for checking the 'at' package installation and file permissions. It includes an 'auto' attribute in the nested condition to automatically report 'FAILED' if the inner conditions are not met, providing a more streamlined reporting process.
```Nessus Policy Language
type : RPM_CHECK
description : "at is installed"
rpm : "at-0.0.0-0"
operator : "gt"
required : YES
type : FILE_CHECK
description : "/etc/at.allow file permissions"
file : "/etc/at.allow"
owner : "root"
group : "root" || "daemon"
mask : "137"
type : FILE_CHECK
description : "/etc/at.deny file permissions"
file : "/etc/at.deny"
owner : "root"
group : "root" || "daemon"
mask : "137"
file_required : NO
description : "Make sure 'at' is secured with an allow or deny list"
show_output : YES
description : "Make sure 'at' is secured with an allow or deny list"
```
--------------------------------
### Example: Check SSH Protocol Version
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/alcatel-timos-config-check
This example demonstrates how to use CONFIG_CHECK to verify that SSH protocol version 2 or later is enabled. It specifies the command to run and the regex pattern to match.
```plaintext
description : "Login: ssh - v2 and later is enabled"
cmd : "show system security ssh"
regex : "SSH Protocol Version 2"
expect : "Enabled"
```
--------------------------------
### Nessus FILE_CONTENT_CHECK_NOT Example Configuration
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/FILE_CONTENT_CHECK_NOT
An example of a FILE_CONTENT_CHECK_NOT audit item configuration for Tenable Nessus. This specific example checks the 'win.ini' file for content matching 'au=.*' and ensures it does not match 'au=MPEGVideo2'. The file_option 'CAN_NOT_BE_NULL' is used.
```nessus
type: FILE_CONTENT_CHECK_NOT
description: "File content for C:\\WINDOWS\\win.ini"
value_type: POLICY_TEXT
value_data: "C:\\WINDOWS\\win.ini"
(optional) check_type: [value]
regex: "au=.*"
expect: "au=MPEGVideo2"
file_option: CAN_NOT_BE_NULL
```
--------------------------------
### Example Nessus Report Item with Custom Output
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/SplunkAuditItems
An example illustrating the use of a `report` item in a Nessus audit file, specifically showing how to include custom output. This is useful for providing non-standard messages, such as indicating OS incompatibility.
```nessus-audit
description: "Audit file for Unix"
output : "NOTE: This audit file does not support the OS that is identified on your target."
```
--------------------------------
### Example Report Item for Unsupported OS in Nessus
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/SnowflakeAuditItems
An example demonstrating how to use a 'report' item to communicate a specific condition, such as the audit file not supporting the target's operating system. It includes a description and custom output to inform the user.
```nessus-audit
description : "Audit file for Unix"
output : "NOTE: This audit file does not support the OS that is identified on your target."
```
--------------------------------
### Nessus Report Example with Custom Output
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/CitrixApplicationDeliveryAuditItems
An example of a Nessus report audit item configured with a WARNING type and a custom output message indicating that the audit file does not support the target OS.
```plaintext
description : "Audit file for Unix"
output : "NOTE: This audit file does not support the OS that is identified on your target."
```
--------------------------------
### Example 1: GCP-managed Service Account Keys Check
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/GCPKeywords
An example compliance check to ensure only GCP-managed service account keys are used for each service account.
```APIDOC
## Example 1: GCP-managed Service Account Keys Check
### Description
Ensures that there are only GCP-managed service account keys for each service account.
### Method
REST_API
### Endpoint
listIamServiceAccountKeys
### Parameters
#### Request Body
* **type** (string) - Required - REST_API
* **description** (string) - Required - "1.4 Ensure that there are only GCP-managed service account keys for each service account"
* **request** (string) - Required - "listIamServiceAccountKeys"
* **json_transform** (string) - Required - ".projects[].value.accounts[].value.keys[] | select(.keyType == \"USER_MANAGED\") | \"Type: \" + .keyType + \", Name: \" + .name"
* **regex** (string) - Required - "Type: USER_MANAGED"
* **not_expect** (string) - Required - "Name: .*\.iam\.gserviceaccount\.com/keys/"
### Request Example
```json
{
"type": "REST_API",
"description": "1.4 Ensure that there are only GCP-managed service account keys for each service account",
"request": "listIamServiceAccountKeys",
"json_transform": ".projects[].value.accounts[].value.keys[] | select(.keyType == \"USER_MANAGED\") | \"Type: \" + .keyType + \ T", Name: \" + .name",
"regex": "Type: USER_MANAGED",
"not_expect": "Name: .*\.iam\.gserviceaccount\.com/keys/"
}
```
### Response
#### Success Response (200)
- **output** (string) - The transformed output indicating service account key types and names.
#### Response Example
```json
{
"output": "Type: USER_MANAGED, Name: key-name-1\nType: USER_MANAGED, Name: key-name-2"
}
```
```
--------------------------------
### GRAMMAR_CHECK Audit Check Configuration Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/UnixGRAMMAR_CHECK
This example demonstrates how to configure the GRAMMAR_CHECK audit check. It specifies the file to examine and the regular expressions to match against each line. The check fails if any line in the file does not match any of the provided regex statements.
```nessus-checks
type: GRAMMAR_CHECK
description: "Check /etc/securetty contents are OK."
file: "/etc/securetty"
regex: "console"
regex: "vc/1"
regex: "vc/2"
regex: "vc/3"
regex: "vc/4"
regex: "vc/5"
regex: "vc/6"
regex: "vc/7"
```
--------------------------------
### Tenable Nessus BANNER_CHECK Example: SSHv2 Welcome Banner
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/BlueCoatProxySGBANNER_CHECK
This example shows how to use BANNER_CHECK to ensure the 'inline sshv2-welcome-banner' contains specific content. It verifies the exact banner text.
```Nessus Policy Language
type : BANNER_CHECK
description : "inline sshv2-welcome-banner is configured"
item : "sshv2-welcome-banner"
content : "All access is monitored and recorded."
```
--------------------------------
### Nessus KB_VALUE Compliance Check Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/GenericSSHChecks
The KB_VALUE check retrieves data from the Nessus Knowledgebase (KB) and uses regular expressions to validate it. This is useful for checking information collected during a scan. This example verifies if a specific port, like 443, is registered in the KB.
```xml
type : KB_VALUE
description : "Check port"
kb_path : "public/port*"
regex : "[0-9]+"
expect : "443"
```
--------------------------------
### Audit Juniper Syslog Host Presence with CONFIG_CHECK
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/CONFIG_CHECKExamples
This example checks for the presence of a syslog host configuration on a Juniper device using Nessus CONFIG_CHECK. It uses regex to identify syslog host entries and ensures only one such entry exists.
```nessus
type: CONFIG_CHECK
description: "Audit Syslog host"
regex: "syslog host [0-9\\.]+"
number_of_lines: "^1$"
```
--------------------------------
### CHKCONFIG Audit Check Example (Nessus)
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/UnixCHKCONFIG
This example demonstrates the configuration for the CHKCONFIG audit check in Tenable Nessus. It specifies the type of check, a description, the service to monitor, the run levels, and the desired status (e.g., OFF). This check is specific to Red Hat-based systems.
```nessus
type: CHKCONFIG
description: "Make sure that xinetd is disabled"
service: "xinetd"
levels: "123456"
status: OFF
```
--------------------------------
### CONFIG_CHECK: Audit SNMP Settings (Nessus)
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/GAiACONFIG_CHECKExamples
This CONFIG_CHECK example flags any SNMP settings found on a Check Point device, recommending manual review. It uses a broad 'regex' to detect any line starting with 'set snmp'. This check is useful for identifying potential SNMP exposures.
```Nessus
type: CONFIG_CHECK
description: "2.13 Secure SNMP"
regex: "set snmp .+"
severity: MEDIUM
info: "Manually review SNMP settings."
```
--------------------------------
### Juniper SHOW_CONFIG_CHECK: Match Keyword Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/JuniperSHOW_CONFIG_CHECKKeywords
Demonstrates the 'match' keyword for identifying lines in a Junos configuration that contain a specific pattern. This keyword is appended to the 'show configuration' command.
```xml
type: SHOW_CONFIG_CHECK
description: "3.6 Forbid Multiple Loopback Addresses"
hierarchy: "interfaces"
match: "lo[0-9]"
```
--------------------------------
### Juniper SHOW_CONFIG_CHECK: Find and Match Keywords Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/JuniperSHOW_CONFIG_CHECKKeywords
Shows how 'find' and 'match' keywords are used in a SHOW_CONFIG_CHECK to locate specific configuration lines. 'find' narrows down the search, and 'match' specifies the pattern to find within that narrowed scope.
```xml
type: SHOW_CONFIG_CHECK
description: "3.8.2 Require CHAP Authentication if Incoming Map is Used"
hierarchy: "interfaces"
find: "chap"
match: "access-profile"
```
--------------------------------
### Example F5 Custom Item: Virtual Server Connection Limit
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/F5Syntax
An example demonstrating a custom compliance check for F5 devices. This check verifies the connection limit setting for virtual servers, utilizing f5_command, json_transform, regex, expect, and match_all for precise evaluation.
```custom_item
description : "Limit the number of concurrent sessions for virtual servers."
f5_command : "/tm/ltm/virtual"
json_transform : ".items[] | \"\\(.name) - Connection Limit = \\(.connectionLimit)\""
regex : "Connection Limit = .+"
expect : "Connection Limit = 5$"
match_all : YES
```
--------------------------------
### Juniper OS Configuration in 'set' Format
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/CheckTypeCONFIG_CHECK
Demonstrates how to obtain Juniper OS configuration in 'set' format using the 'display set' command. This format is used by Nessus CONFIG_CHECK compliance audits.
```bash
show configuration | display set
```
```text
admin> show configuration | display set
set version 10.2R3.10
set system time-zone GMT
set system no-ping-record-route
set system root-authentication encrypted-password "$1$hSGSlnwfdsdfdfsdfsdf43534"
```
--------------------------------
### Nessus KERBEROS_POLICY Example: User Ticket Renewal Lifetime
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/KERBEROS_POLICY
An example of a Nessus custom item configuration for the KERBEROS_POLICY check. This specific example audits the 'Maximum lifetime for user renewal ticket' by setting the 'value_type' to 'TIME_DAY' and 'value_data' to '12'.
```xml
type: KERBEROS_POLICY
description: "Maximum lifetime for user renewal ticket"
value_type: TIME_DAY
value_data: 12
kerberos_policy: USER_TICKET_RENEWAL_LIFETIME
```
--------------------------------
### Nessus CONFIG_CHECK Example: Hostname Verification
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/ZTEChecks
This CONFIG_CHECK example verifies that an expected hostname is set within the 'system-config' section.
```nessus
type : CONFIG_CHECK
description : "Verify an expected hostname is set"
section : "system-config"
item : "hostname DeviceHostname"
```
--------------------------------
### HP ProCurve Compliance Check Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/HPKeywords
Demonstrates a sample HP ProCurve compliance check using various keywords like 'type', 'description', 'context', and 'item'. This check verifies a specific configuration line within a given context.
```YAML
-
type: CONFIG_CHECK
description: "HP ProCurve - 'dhcp-bootp'"
context: "vlan 1"
item: "ip address dhcp-bootp"
```
--------------------------------
### Custom Registry Check with GUID
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/GUID_REGISTRY_SETTING
This snippet defines a custom compliance check for a specific registry setting that is managed by MDM software and identified by a GUID. It requires remote registry access and specifies the registry key, item name, and the GUID lookup path. The value type and data are also defined.
```Nessus Compliance Checks
type : GUID_REGISTRY_SETTING
description : "Disable Camera"
value_type : POLICY_DWORD
value_data : 0
reg_key : "HKLM\SOFTWARE\Microsoft\PolicyManager\Providers\\{GUID}\default\Device\Camera"
reg_item : "AllowCamera"
guid_reg_key : "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Camera"
```
--------------------------------
### Example 2: Service Account No Admin Privileges Check
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/GCPKeywords
An example compliance check to ensure a Service Account does not have Admin privileges.
```APIDOC
## Example 2: Service Account No Admin Privileges Check
### Description
Ensures that a Service Account has no Admin privileges. This check aims to prevent functionality breakage by ensuring required roles are assigned to impacted service accounts.
### Method
REST_API
### Endpoint
listProjectIAM
### Parameters
#### Request Body
* **type** (string) - Required - REST_API
* **description** (string) - Required - "1.5 Ensure that Service Account has no Admin privileges"
* **request** (string) - Required - "listProjectIAM"
* **json_transform** (string) - Required - ".projects[] | .projectNumber as $projectNumber | .projectId as $projectId | .value.bindings[] | \"Project Number: \" + $projectNumber + \ T", Project ID: \" + $projectId + \ T", Member: \" + .members[] + \ T", Role: \" + .role"
* **regex** (string) - Required - "Member: serviceAccount:.*\.iam\.gserviceaccount\.com"
* **not_expect** (string) - Required - "Role: roles/.*(admin|editor|owner)"
### Request Example
```json
{
"type": "REST_API",
"description": "1.5 Ensure that Service Account has no Admin privileges",
"request": "listProjectIAM",
"json_transform": ".projects[] | .projectNumber as $projectNumber | .projectId as $projectId | .value.bindings[] | \"Project Number: \" + $projectNumber + \ T", Project ID: \" + $projectId + \ T", Member: \" + .members[] + \ T", Role: \" + .role",
"regex": "Member: serviceAccount:.*\.iam\.gserviceaccount\.com",
"not_expect": "Role: roles/.*(admin|editor|owner)"
}
```
### Response
#### Success Response (200)
- **output** (string) - The transformed output detailing project number, ID, member, and role.
#### Response Example
```json
{
"output": "Project Number: 123456789012, Project ID: my-gcp-project, Member: serviceAccount:my-service-account@my-gcp-project.iam.gserviceaccount.com, Role: roles/viewer\nProject Number: 123456789012, Project ID: my-gcp-project, Member: serviceAccount:another-service-account@my-gcp-project.iam.gserviceaccount.com, Role: roles/editor"
}
```
```
--------------------------------
### Juniper SHOW_CONFIG_CHECK: Hierarchy Keyword Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/JuniperSHOW_CONFIG_CHECKKeywords
Demonstrates the use of the 'hierarchy' keyword in a SHOW_CONFIG_CHECK to target a specific part of the Junos configuration. This keyword is appended to the 'show configuration' command.
```xml
type: SHOW_CONFIG_CHECK
description: "3.6 Forbid Multiple Loopback Addresses"
hierarchy: "interfaces"
```
--------------------------------
### CONFIG_CHECK_NOT Example: Verify SNMP Strings
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/ArubaOSChecks
This CONFIG_CHECK_NOT example is used to verify that common SNMP strings are not present in the configuration, indicating they are not in use.
```audit
type : CONFIG_CHECK_NOT
description : "Verify common SNMP strings are not used"
```
--------------------------------
### Nessus CONFIG_CHECK Example: SSH Encryption
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/ZTEChecks
This CONFIG_CHECK example verifies that '3ds-cbc' is disabled for SSH access by checking the 'ssh server encryption' configuration.
```nessus
type : CONFIG_CHECK
description : "Ensure '3ds-cbc' is disabled for SSH access"
regex : "ssh server encryption"
item : "ssh server encryption 3des-cbc disable"
```
--------------------------------
### Juniper SHOW_CONFIG_CHECK: Not_Expect and Regex Keywords Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/JuniperSHOW_CONFIG_CHECKKeywords
Demonstrates the 'not_expect' keyword, which verifies that specific configuration lines are absent. It works similarly to 'expect' but checks for the non-existence of a pattern.
```xml
regex: "syslog host [0-9\\.]+"
not_expect: "syslog host 1.2.3.4"
```
```xml
not_expect: "syslog host"
```
--------------------------------
### Juniper SHOW_CONFIG_CHECK: Property Keyword Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/JuniperSHOW_CONFIG_CHECKKeywords
Illustrates the 'property' keyword for auditing specific properties within Junos configurations, often used in conjunction with other keywords like 'match' and 'hierarchy'. It can bypass the default 'show configuration' command.
```xml
type: SHOW_CONFIG_CHECK
description: "4.3.1 Require MD5 Neighbor Authentication (where OSPF is used)"
info: "Level 2, Scorable"
property: "ospf"
hierarchy: "interface detail"
match: "Auth type MD5"
```
--------------------------------
### CONFIG_CHECK Example: Ensure Telnet is Disabled
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/ArubaOSChecks
This CONFIG_CHECK example verifies that telnet is disabled on the device by searching for the specific configuration string 'no telnet-server'.
```audit
type : CONFIG_CHECK
description : "Ensure telnet is disabled"
item : "no telnet-server"
```
--------------------------------
### Nessus CONFIG_CHECK Example: NTP Access Group Count
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/ZTEChecks
This CONFIG_CHECK example ensures that exactly two 'ntp access-group' lines (for IPv4 or IPv6) are present in the configuration.
```nessus
type : CONFIG_CHECK
description : "Verify two ntp access-group lines are present"
item : "ntp access-group ipv(4|6)"
min_occurrences : "2"
```
--------------------------------
### Example: Check Telnet Disabled
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/alcatel-timos-config-check
This example shows how to use CONFIG_CHECK to ensure that Telnet is disabled. It checks for the absence of the 'no telnet-server' string in the configuration.
```plaintext
description : "Login: Telnet is disabled (IPv4)"
expect : "no telnet-server"
```
--------------------------------
### Search for .tns and .doc files containing 'Nessus'
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/SearchExamples
This audit configuration extends the search to include both .tns and .doc files for the keyword 'Nessus'. It demonstrates how to specify multiple file extensions using the pipe symbol '|'. The output will reflect matches in either file type.
```audit
-
type: FILE_CONTENT_CHECK
description: "TNS or DOC File that Contains the word Nessus"
file_extension: "tns" | "doc"
expect: "Nessus"
```
--------------------------------
### Custom Registry Check with GUID and User SID
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/GUID_REGISTRY_SETTING
This snippet configures a custom compliance check for a registry setting that applies to specific users and is managed by MDM software using a GUID. It utilizes both {GUID} and {USER_SID} markers in the registry key path for accurate lookup. Optional parameters to ignore or include specific user SIDs are also demonstrated.
```Nessus Compliance Checks
type : GUID_REGISTRY_SETTING
value_type : POLICY_DWORD
value_data : 0
reg_key : "HKLM\SOFTWARE\Microsoft\PolicyManager\Providers\\{GUID}\default\\{USER_SID}\AttachmentManager"
reg_item : "MSIAlwaysInstallWithElevatedPrivileges"
guid_reg_key : "HKLM\SOFTWARE\Microsoft\PolicyManager\current\\{USER_SID}\AttachmentManager"
reg_ignore_hku_users : "S-1-5-18,S-1-5-19,S-1-5-20"
```
--------------------------------
### CMD_EXEC Compliance Check Configuration Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/CiscoACICMD_EXEC
This snippet demonstrates the configuration of a CMD_EXEC compliance check. It specifies the command to run, optional regex for filtering output, and the expected output pattern for a successful check. This check is used to verify specific configurations by analyzing command output.
```Nessus Compliance Check
type : CMD_EXEC
description : "Ensure 'TLS 1.0' is set for HTTPS access"
cmd : "show running-config all"
regex : "ssl cipher tlsv1 custom"
expect : "ssl cipher tlsv1 custom \"[Aa][Ee][Ss]256-[Ss][Hh][Aa]\""
```
--------------------------------
### Nessus KB_VALUE Example: Port Check
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/ZTEChecks
This KB_VALUE example checks the 'public/port*' path in the Nessus Knowledgebase to verify if port 443 is present, using a regular expression to match numeric port values.
```nessus
type : KB_VALUE
description : "Check port"
kb_path : "public/port*"
regex : "[0-9]+"
expect : "443"
```
--------------------------------
### Nessus CMD_EXEC Example: TLS 1.0 for HTTPS
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/ZTEChecks
This CMD_EXEC example checks if 'TLS 1.0' is set for HTTPS access by examining the output of 'show running-config all' and looking for specific SSL cipher configurations.
```nessus
type : CMD_EXEC
description : "Ensure 'TLS 1.0' is set for HTTPS access"
cmd : "show running-config all"
regex : "ssl cipher tlsv1 custom"
expect : "ssl cipher tlsv1 custom \"[Aa][Ee][Ss]256-[Ss][Hh][Aa]\""
```
--------------------------------
### MACOSX_OSASCRIPT Custom Item Example: Alpha Numeric Password
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/UnixMACOSX_OSASCRIPT
An example of a Nessus custom item using the MACOSX_OSASCRIPT check type. This specific configuration checks if the 'requireAlphanumeric' setting in 'com.apple.mobiledevice.passwordpolicy' is set to 'true'.
```nasl
type : MACOSX_OSASCRIPT
description : "Require Alpha Numeric Password Policy"
expect : "true"
payload_key : "requireAlphanumeric"
payload_type : "com.apple.mobiledevice.passwordpolicy"
```
--------------------------------
### Juniper SHOW_CONFIG_CHECK: Except Keyword Example
Source: https://docs.tenable.com/nessus/compliance-checks-reference/Content/JuniperSHOW_CONFIG_CHECKKeywords
Illustrates the 'except' keyword, which excludes lines matching a specific pattern from the results of a SHOW_CONFIG_CHECK. This is useful for filtering out unwanted configuration entries.
```xml
type: SHOW_CONFIG_CHECK
description: "6.8.1 Require External Time Sources"
hierarchy: "system ntp"
match: "server"
except: "boot-server"
```