Windows Compliance settings
Don't know if this is the proper way to ask this but I'm in the process of
trying to convince MGMT to utilize nessus Windows compliance .audit file
to run against our workstations. It's worse than trying to bra train a
little girl.

Anyway I'm looking at the .audit file and one entry looks like the
following:

<custom_item>
type: SERVICE_POLICY
description: "PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Alerter Disabled"
value_type: SERVICE_SET
value_data: "Disabled"
service_name: "Alerter"
svc_option: CAN_BE_NULL
</custom_item>

<custom_item>
type: PASSWORD_POLICY
description: "PCI 8.5.9 Change user passwords at least every 90 days"
value_type: TIME_DAY
value_data: [MIN..90]
password_policy: MAXIMUM_PASSWORD_AGE
</custom_item>

I'd like to include a policy to check to determine if the screen saver is
set to over 5 minutes. This might be several <custom_items> one to check
to see if the screen saver is running and the other to determine if it's
set to less than 15 minutes. I know this would probably be found in the
system registry but I'm really not sure what or how these audit files work
against windows machines.

I'd like to set up a few of my own tests to determine a variety of
settings, but what am I looking for, and if, say, the PASSWORD_POLICY is not
in the registry (which it is not, under that name), where does it look for
this information?

Thanks

Frank Kenisky IV, CISSP, CISA, CISM
Information Technical Security Specialist
(210) 301-6433 - (210) 887-6985
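An added example, not from the post and not Nessus's own code: a small parser for the custom_item syntax quoted above that evaluates value_data (a literal or the [MIN..N] range notation) against host values a scanner would have collected. The third item's REGISTRY_SETTING field names and the HKCU screen-saver value are assumptions, the sample host values are constructed, and a real scanner's evaluation rules are not reproduced.

```python
# Constructed sample: the two items from the post plus an assumed screen-saver item.
import re
AUDIT_TEXT = r'''
<custom_item>
type: SERVICE_POLICY
value_type: SERVICE_SET
value_data: "Disabled"
service_name: "Alerter"
svc_option: CAN_BE_NULL
</custom_item>
<custom_item>
type: PASSWORD_POLICY
description: "PCI 8.5.9 Change user passwords at least every 90 days"
value_type: TIME_DAY
value_data: [MIN..90]
password_policy: MAXIMUM_PASSWORD_AGE
</custom_item>
<custom_item>
type: REGISTRY_SETTING
value_type: POLICY_DWORD
value_data: [1..900]
reg_key: "HKCU\Control Panel\Desktop"
reg_item: "ScreenSaveTimeOut"
</custom_item>
'''
ITEM_RE = re.compile(r"<custom_item>(.*?)</custom_item>", re.S)
RANGE_RE = re.compile(r"\[(MIN|\d+)\.\.(MAX|\d+)\]")

def parse_audit(text):
    """One dict per <custom_item>; assumes one 'key: value' pair per line."""
    items = []
    for body in ITEM_RE.findall(text):
        pairs = (ln.partition(":") for ln in body.strip().splitlines())
        items.append({k.strip(): v.strip().strip('"') for k, _, v in pairs})
    return items

def matches(spec, actual):
    """value_data is a literal or a [low..high] range; MIN/MAX are open ends."""
    m = RANGE_RE.fullmatch(spec)
    if not m:
        return str(actual) == spec
    lo = 0 if m.group(1) == "MIN" else int(m.group(1))
    hi = float("inf") if m.group(2) == "MAX" else int(m.group(2))
    return lo <= int(actual) <= hi

def evaluate(item, observed):
    # observed maps the item's target (service, policy or registry value) to the host's value
    target = item.get("service_name") or item.get("password_policy") or item.get("reg_item")
    if target not in observed:  # absent on the host: pass only if the item allows it
        return item.get("svc_option") == "CAN_BE_NULL"
    return matches(item["value_data"], observed[target])
```

Run against a host where the Alerter service does not exist, the maximum password age is 42 days and ScreenSaveTimeOut is "600", all three items pass; a timeout of "1200" or a missing screen-saver value fails the third item.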