Configure a File Content Check Control (Unix)

Configure a File Content Check control to check the content of a Unix file. You'll tell us which file you want to evaluate and what you're looking for. We'll return all lines in the file that match.

 

The statement you provide is like the control name: it describes what the control is and how it should be implemented in the environment. You'll also need to decide which category the control belongs to. This is important because users can search and filter controls by category. They can also search by keywords in the statement.

The scan parameters are used to gather data needed for compliance evaluation at scan time.

Click Add Parameters, and make these settings:

File path - This is the path to the Unix file to be evaluated.

Regular expression - This identifies the content you want to look for in the Unix file. The regular expression must follow the "Basic Regular Expression (BRE)" standard as supported by the "grep" command on specific Unix platforms. When using cloud agents (if Agent UDC Support is available for your account), this regular expression should follow the "Perl Compatible Regular Expressions (PCRE)" standard.

Note - When scanning the same host using the scanner and the agent, you might get different results. The agent supports regex match on single line and multiline text, and returns the matching text. The scanner supports single line regex match, and returns the entire line. If you provide a multiline regular expression the scanner will not return results, but the agent will return all matching lines of the file on the target. To get the same results, configure the regular expression to use single line regex match.

Tell me about the data type

You can choose from the following data types: Line List and String List. When you choose the data type "Line List" you'll have the operator option "regular expression" when setting the control value under Control Technologies. When you choose the data type "String List", you'll have the operator options "regular expression list" and "string list" when setting the control value.


Your control may apply to many technologies. Select each technology you're interested in and provide a rationale statement and expected value.

Time Saving Tip: If you plan to enter the same settings for each technology, you only need to do it once. Make your selections in the "Default Values for Control Technologies" section first and then select the check box for each technology you want. The settings are copied automatically to each technology that you select.

Make these settings:

Rationale - Enter a rationale statement describing how the control should be implemented for each technology.

Cardinality - Select a cardinality for the control.

The available cardinality options are described below. X represents the value returned by the scanning engine and Y represents the expected value defined for the control.

Cardinality    You are compliant when
match any      any string in X matches Y
match all      all strings in X match Y
match none     no strings in X match Y
empty          X is empty
not empty      X is not empty

 

Operator - The operator is used to compare the results to the default value. When "Line List" is the data type, the operator "regular expression" is available. When "String List" is the data type, the operators "regular expression list" and "string list" are both available.

Default Value - Enter the expected value for each technology as a regular expression following PCRE standard. This regular expression is used to perform the pass/fail evaluation of the returned results. A list of strings returned in the scan results will be compared to the regular expression using the selected cardinality. Note that if you selected the "empty" or "not empty" cardinalities, the Default Value field is disabled and no value is entered.

For control evaluation to succeed with a multiline regular expression (one that uses characters like \n and \s), the scan data must be considered as a single line. To do so, enable the "Consider scan data as a single line for control evaluation" option.

Note: You can lock your selections for cardinality, operator, and default value if you don't want users to be able to change the value in the Policy Editor. 
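The scanner/agent note and the cardinality table above, modelled as an added example (not Qualys code) that shows how one control can pass on the scanner and fail on the agent. Python's re module stands in for both the BRE and PCRE engines. The function names, the sample file content, the unanchored-search semantics and the one-entry-per-line handling of multiline matches are assumptions.

```python
import re

# Constructed sample file content (not from a real host).
SAMPLE = "# sshd settings\nPermitRootLogin no\nPermitRootLogin yes\nProtocol 2\n"

def scanner_collect(text, pattern):
    """Scanner model: single-line match only, returns the entire matching line."""
    rx = re.compile(pattern)
    return [line for line in text.splitlines() if rx.search(line)]

def agent_collect(text, pattern):
    """Agent model: single-line or multiline match, returns the matching text."""
    found = []
    for m in re.finditer(pattern, text, re.MULTILINE):
        found.extend(m.group(0).splitlines())  # assumption: one entry per matched line
    return found

def evaluate(x, cardinality, y=None):
    """Cardinality table: X is the returned list, Y is the expected-value regex."""
    if cardinality == "empty":
        return not x
    if cardinality == "not empty":
        return bool(x)
    hits = [re.search(y, s) is not None for s in x]  # assumption: unanchored search
    if cardinality == "match any":
        return any(hits)
    if cardinality == "match all":
        return all(hits)  # assumption: vacuously true when X is empty
    if cardinality == "match none":
        return not any(hits)
    raise ValueError(f"unknown cardinality: {cardinality}")

def compare(scan_regex, cardinality, y=None, text=SAMPLE):
    """Return (scanner verdict, agent verdict) for one control definition."""
    return (evaluate(scanner_collect(text, scan_regex), cardinality, y),
            evaluate(agent_collect(text, scan_regex), cardinality, y))

if __name__ == "__main__":
    expected = r"^PermitRootLogin\s+no$"
    # Partial-line scan regex: scanner sees whole lines, agent sees only the keyword.
    print(compare(r"^PermitRootLogin", "match any", expected))      # (True, False)
    # Whole-line scan regex: both collectors return the same strings.
    print(compare(r"^PermitRootLogin.*$", "match any", expected))   # (True, True)
    # Multiline scan regex: the scanner returns nothing, the agent returns lines.
    print(compare(r"no\nPermitRootLogin yes", "not empty"))         # (False, True)
```

Writing the scan regex so that it matches the whole line is one way to make both collection methods return the same strings before the expected value is applied.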

Add up to 10 references for the control. These may be references to internal policies, documents and web sites. For each reference, enter a description, a URL or both. When providing a URL, you must start the URL with http://, https:// or ftp://. For example, enter http://www.qualys.com to link to the Qualys web site. Once references are added, users have the option to include them in policy reports.

 
