CCS 9.0 - How to create complex checks for permissions on files and registries?
Updated: 22 May 2010 | 4 comments
Hi,
I'm in a bind now on how to create checks to monitor permissions on files and registries using CCS 9.0. I tried to edit some of the registry checks copied over from out-of-box standards, but it gives me an error such as "This is a complex check and modifying it is not supported through the check editor". Can anyone help, pls?
Thks and rgds,
KC
Comments
You cannot modify a complex check in CCS 9.0. You can only create a new complex check or modify simple checks.
Hi Vikram,
Thks for your reply. Can you guide me on how to create complex checks based on the following scenarios:
1) Permissions for critical system administration files listed in a table (multiple entries) must be modified so that only Administrators, and SYSTEM have Full Access and that Backup Operators have Read and Execute Access. Permissions for all other users must be removed.
2) Verify permissions on critical registry keys listed in a table (multiple entries) have been modified so that only Administrators and LOCAL SERVICE have Full Access. Verify read and write permissions for all other users have been removed.
3) Ensure that a list (multiple entries in a table) of Required Services must be enabled and running.
4) Ensure that a list (multiple entries in a table) of Disallowed Services must be disabled/uninstalled.
5) File level audit tracking to critical system and security files listed in a table (multiple entries) must be enabled for the group “Everyone” to comply. The table contains a list of security files, and mapped to a matrix of permissions (such as RWXDPO).
Your help is very much appreciated. Thank you in advance!
Rgds,
KC
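Scenario 1 above comes down to comparing each file's ACL against a fixed set of allowed principals and rights, and flagging everything else. The following Python example is added here for illustration; it is not part of the thread and is not CCS check syntax. The ACL layout, rights names and file paths are constructed assumptions.

```python
# Added illustration: evaluates constructed ACL data against scenario 1's policy.
# The rights names and the dict layout are assumptions, not a CCS data format.

# Expected right per principal, taken from scenario 1.
POLICY = {
    "Administrators": "FullControl",
    "SYSTEM": "FullControl",
    "Backup Operators": "ReadAndExecute",
}

def check_acl(path, acl, policy=POLICY):
    """Return findings for one file; an empty list means compliant.

    acl maps principal name -> granted right (allow entries only).
    """
    findings = []
    # Windows account names are case-insensitive, so compare lowercased.
    granted = {name.lower(): (name, right) for name, right in acl.items()}
    for principal, expected in policy.items():
        entry = granted.pop(principal.lower(), None)
        if entry is None:
            findings.append(f"{path}: {principal} missing, expected {expected}")
        elif entry[1] != expected:
            findings.append(f"{path}: {principal} has {entry[1]}, expected {expected}")
    # Anything left over is a principal the policy says must be removed.
    for name, right in granted.values():
        findings.append(f"{path}: {name} has {right}, must be removed")
    return findings

def check_table(table, policy=POLICY):
    """Evaluate every file in the table; return {path: findings} for failures only."""
    failures = {}
    for path, acl in table.items():
        findings = check_acl(path, acl, policy)
        if findings:
            failures[path] = findings
    return failures

# Constructed sample table (hypothetical paths and ACLs).
SAMPLE = {
    r"C:\Windows\System32\example1.exe": {
        "Administrators": "FullControl", "SYSTEM": "FullControl",
        "Backup Operators": "ReadAndExecute"},
    r"C:\Windows\System32\example2.exe": {
        "administrators": "FullControl", "SYSTEM": "FullControl",
        "Backup Operators": "Modify", "Users": "ReadAndExecute"},
}

if __name__ == "__main__":
    for findings in check_table(SAMPLE).values():
        print("\n".join(findings))
```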
The only real way to deal with complex checks (they CAN be edited, albeit not from within the check editor) is to export the standard to an .XML file and then edit the check in there. Once the check has been edited, simply re-import the standard back into CCS. I have used this process many times with numerous clients to assist with very complex Unix checks. I caution that this is NOT simple and that you should have a very strong understanding of what you are trying to do. Maybe enlist the help of someone that has an understanding of basic programming.
I have created checks related to registries in CCS9.0.1
I used my own formula to create checks for registries in CCS9.0.1 and they work fine. Though it takes time to figure out the formula, it is easy to create checks related to registries. And the same thing for Services. We might have to use "if then else" statements for both services and registry related checks.