Understanding Rules

The Rule is the fundamental building block of the policies that AuditShark executes on your servers. A Rule is intended to retrieve a single piece of data from the target host and provide an "Ok" or "Not Ok" result for that piece of data. Rules are typically phrased as a question or a statement with a definitive, expected answer. The following are examples of common Rules:

  • There should only be one root account with the UID of zero
  • The local administrators group should consist of only the "administrator" account
  • The Windows Messenger Service should be disabled
  • The C: drive has more than 1GB of free space
  • The installed services have not changed since the last audit

You can also create dependencies between Rules so that a Rule executes only if it is applicable to the target host. For example, there's no point in checking the permissions on a file if that file doesn't exist. You may also aggregate multiple Rules into a single result using Boolean logic.
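
A minimal sketch of the dependency and aggregation behaviour described above, added here as an example; it is not AuditShark code or its rule format. The Rule class, the depends_on field, the aggregate function, the "Not Applicable" outcome and the host dictionaries are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# "Not Applicable" is an assumed third outcome for a Rule that was skipped.
OK, NOT_OK, NOT_APPLICABLE = "Ok", "Not Ok", "Not Applicable"

@dataclass
class Rule:
    name: str
    check: Callable[[dict], bool]        # inspects one piece of host data
    depends_on: Optional["Rule"] = None  # prerequisite Rule (hypothetical field)

    def evaluate(self, host: dict) -> str:
        # Assumption: a dependent Rule runs only if its prerequisite is "Ok".
        if self.depends_on and self.depends_on.evaluate(host) != OK:
            return NOT_APPLICABLE
        return OK if self.check(host) else NOT_OK

def aggregate(op: str, rules: list, host: dict) -> str:
    """Combine Rule results with boolean AND (op="all") or OR (op="any").
    Skipped Rules are excluded so they cannot fail or pass the aggregate."""
    results = [r for r in (rule.evaluate(host) for rule in rules)
               if r != NOT_APPLICABLE]
    if not results:
        return NOT_APPLICABLE
    combine = {"all": all, "any": any}[op]
    return OK if combine(r == OK for r in results) else NOT_OK

# Constructed host facts, not real audit output.
HOST_A = {"uid0_accounts": ["root"], "files": {"/etc/shadow": 0o640}}
HOST_B = {"uid0_accounts": ["root", "toor"], "files": {}}

SHADOW = "/etc/shadow"
one_root = Rule("only one UID 0 account",
                lambda h: len(h["uid0_accounts"]) == 1)
shadow_exists = Rule("shadow file exists", lambda h: SHADOW in h["files"])
shadow_perms = Rule("shadow file has no world permissions",
                    lambda h: (h["files"][SHADOW] & 0o007) == 0,
                    depends_on=shadow_exists)

def audit(host: dict) -> dict:
    return {"one_root": one_root.evaluate(host),
            "shadow_perms": shadow_perms.evaluate(host),
            "baseline": aggregate("all", [one_root, shadow_perms], host)}

if __name__ == "__main__":
    for label, host in (("A", HOST_A), ("B", HOST_B)):
        print(label, audit(host))
```

On host B the permissions Rule is skipped because the file is missing, so the aggregate result is decided by the UID 0 Rule alone.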

© 2011-2019 Moon River Software Inc. All rights reserved.