Configure a File Content Check (Agent Only) Control for Unix

Configure a File Content Check (Agent Only) control to check the content of a Unix file. You'll tell us which file you want to evaluate and what you're looking for. We'll return all lines in the file that match. Note that only first 40kb of results are returned in the output file.

Good to Know

Please note the following for File Content Check (Agent Only) UDC:

- This control is only supported for Cloud Agents, which means that this control will only be evaluated using agent scan data.

- The File Content Check (Agent Only) UDC is supported on Linux Agent 4.7 or later


The statement you provide is like the control name that describes what it is and how it should be implemented in the environment. You'll also need to decide which category the control belongs to. This is important because users can search and filter controls by category, they can also search by keywords in the statement.

These are the search parameters you want to use. You'll tell us where to start our search (the base directory) and what you want to match.

Base Directory

The base directory is the directory you want to search. Be as specific as you can to reduce the search time (there is a time limit). Then make additional settings that tell us how many levels we should search within the directory, and what to do when we come across other file systems and symbolic links.

Regular Expression

This identifies the contents you want to look for in a file. The regular expression retrieves the data from the asset and returns the matching data in actual value in report (e.g. .* ,  ^.OriginalRegex.*?*$)

File/Directory Name

Use these fields to find files and directories based on the name. You'll notice that * is used by default for the File Name Include and Directory Name Include, meaning that all files will be a match.

Note - When entering a file name, be sure to include only the file name, not the path to the file. When entering a directory name, only include the directory, not a file name.

Search Limits

You'll also want to set search limits - the max search time and the max number of results to return. We'll stop the search as soon as we hit one of these limits.

Data Type and Description

You'll see that "String List" is selected as the data type for this control type. This means we'll return a list of matches in the scan results.

The control description will appear in compliance policies and reports. If you change the description at a later time, the description will be updated for all controls that use the same set of parameters.

Your control may apply to many technologies. Select each technology you're interested in and provide a rationale statement and expected value.

Time Saving Tip: If you plan to enter the same settings for each technology you only need to do it once. Make your selections in the "Default Values" section first and then select the check box for each technology you want. You'll see that the settings get copied automatically to each technology that you select.

Make these settings:

Rationale - Enter a rationale statement describing how the control should be implemented for each technology.

Cardinality - Select a cardinality for the control. Tell me about cardinalitiesTell me about cardinalities

A list of strings in the scan results (X) is compared to a list of strings defined for the control (Y). The control values include the default value (a string) and a cardinality. The possible cardinalities are described below.


You are compliant when


X contains all of Y

does not contain

X does not contain any of Y


any string in X matches any string in Y


all strings in X match all strings in Y (listed in any order)

is contained in

all strings in X are contained in Y


Operator - The operator can be a "regular expression list" or a "string list". We'll use the operator to compare the scan results to the default value.

Default Value - Enter the expected value for each technology as a list of regular expressions or strings. The list of strings returned in the scan results will be compared to the list of strings defined for the control. Learn more

You can lock the Cardinality, Operator or Default Value if you don't want users to be able to change these values in the Policy Editor.

Add up to 10 references for the control. These may be references to internal policies, documents and web sites. For each reference, enter a description, a URL or both. When providing a URL, you must start the URL with http://, https:// or ftp://. For example, enter to link to the Qualys web site. Once added users have the option to include references in policy reports.



Quick Links

User-Defined Controls

Agent UDC Support

Sample Unix File Content Checks