Unix compliance find_orphan_files built-in enhancement

Plugin

21157 - Unix Compliance

Target Release Date

28 July 2020

Change

Currently, the Unix compliance find_orphan_files check type reports on files that have no user or group IDs assigned in a combined report. This enhancement allows for the use of a new tag and options for more granular reporting. The new tag, find_option, has three values: nouser, nogroup, and both. If the tag is omitted, the option defaults to 'both' to allow for backwards compatibility with existing audits.

To use the change in a custom audit, add the new flag 'find_option'.

Example:

<item>

description : "List files with no user"

name : "find_orphan_files"

find_option : "nouser"

</item>

<item>

description : "List files with no group"

name : "find_orphan_files"

find_option : "nogroup"

</item>

<item>

description : "Find all files"

name : "find_orphan_files"

find_option : "both"

</item>

Additional Notes:

All current CIS and DISA STIG published audits will be updated with this change where required by the respective benchmark.

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

-----------------------

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.