Mailing List Archive

.audit code question
Hello everyone, does anyone see anything wrong with the below, or anything that I should add?

I just want the test to check the regkey and pass if the value_data matches or fail if it doesn't.

<custom_item>
type: REGISTRY_SETTING
description: "CCE-1543 - Excel 2007 - Enable Block opening of Html and Xmlss files types"
value_type: POLICY_DWORD
value_data: "1"
reg_key: "HKCU\Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock\"
reg_item: "HtmlandXmlssFiles"
</item>

Thanks --John
--
"When the legend becomes fact, print the legend."
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: .audit code question
John,

The syntax looks fine at a glance; however, it usually makes sense to query from HKLM and not HKCU whenever possible because of the transient nature of HKCU.

--
Best Regards,

Paul Davis
Research Engineer
Tenable Network Security Inc
Phone: 410.872.0555 x245
www.tenablesecurity.com

Is your network TENABLE?
Re: .audit code question
Thanks Paul, the settings are defined under HKCU so I'm stuck querying that path.

Re: .audit code question
Is there a length limit to the description field?

Re: .audit code question
John,

While the description field can be quite long, for readability purposes, the best way to handle long description fields is to take advantage of "INFO" tags:

e.g.

info: "CCE-1543 - Excel 2007"
info: "Test of HKCU\Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock\HtmlandXmlssFiles"
info: "Policy DWORD value should be 1"

This allows you to add multiple lines of descriptive text if needed.

I hope this helps!

Paul


--
Best Regards,

Paul Davis
Research Engineer
Tenable Network Security Inc
Phone: 410.872.0555 x245
www.tenablesecurity.com

Is your network TENABLE?
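
An added example, not part of the thread and not Tenable's own tooling: a small Python pre-check that parses custom_item blocks like the one posted above and flags the two points raised in the replies, an HKCU reg_key and a long description that would read better as info lines. The expected-field list, the 60-character cutoff and the function names are assumptions made for this example.

```python
import re

# Constructed sample: the item posted in the thread plus one suggested info line.
SAMPLE = r'''
<custom_item>
type: REGISTRY_SETTING
description: "CCE-1543 - Excel 2007 - Enable Block opening of Html and Xmlss files types"
info: "Policy DWORD value should be 1"
value_type: POLICY_DWORD
value_data: "1"
reg_key: "HKCU\Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock\"
reg_item: "HtmlandXmlssFiles"
</item>
'''

# Assumption: these are the keys to expect, taken from the posted item.
EXPECTED = ("type", "description", "value_type", "value_data", "reg_key", "reg_item")
# Accepts the closing tag as posted (</item>) as well as </custom_item>.
BLOCK = re.compile(r"<custom_item>(.*?)</(?:custom_)?item>", re.S)
FIELD = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")

def parse_items(text):
    """Return one dict per custom_item; every key maps to a list of values."""
    items = []
    for body in BLOCK.findall(text):
        item = {}
        for line in body.splitlines():
            m = FIELD.match(line)
            if m:
                key, val = m.groups()
                if len(val) >= 2 and val[0] == val[-1] == '"':
                    val = val[1:-1]          # drop the surrounding quotes only
                item.setdefault(key, []).append(val)
        items.append(item)
    return items

def lint(item, max_desc=60):
    """Return review findings for one parsed item (max_desc is an arbitrary cutoff)."""
    findings = [f"missing field: {k}" for k in EXPECTED if k not in item]
    hive = item.get("reg_key", [""])[0].split("\\", 1)[0].upper()
    if hive in ("HKCU", "HKEY_CURRENT_USER"):
        findings.append("reg_key is under HKCU (per-user, transient); use HKLM if the setting exists there")
    if len(item.get("description", [""])[0]) > max_desc:
        findings.append("long description; move detail into info: lines")
    return findings

if __name__ == "__main__":
    for it in parse_items(SAMPLE):
        print(it["description"][0], "->", lint(it) or "no findings")
```
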
RE: .audit code question
Thank you Paul
