search

hammackj / risu

Risu is Nessus parser, that converts the generated reports into a ActiveRecord database, this allows for easy report generation and vulnerability verification.
http://hammackj.github.io/risu
MIT License
63 stars 20 forks source link

New XML element detected: compliance. #68

Closed abenson closed 10 years ago

abenson commented 10 years ago

Example:

<ReportItem port="0" svc_name="general" protocol="tcp" severity="3" pluginID="21156" pluginName="Windows Compliance Checks" pluginFamily="Policy Compliance">
<compliance>true</compliance>
<fname>compliance_check.nbin</fname>
<plugin_modification_date>2014/02/26</plugin_modification_date>
<plugin_name>Windows Compliance Checks</plugin_name>
<plugin_publication_date>2007/11/21</plugin_publication_date>
<plugin_type>local</plugin_type>
<risk_factor>None</risk_factor>
<script_version>$Revision: 1.78 $</script_version>

<cm:compliance-result>FAILED</cm:compliance-result>
<cm:compliance-actual-value>

 administrators:
  + Apply To: &quot;this key only&quot;
  |- Inheritance: &quot;not inherited&quot;
  |- Allow: &quot;create link&quot; | &quot;create subkey&quot; | &quot;delete&quot; | &quot;enumerate subkeys&quot; | &quot;full control&quot; | &quot;notify&quot; | &quot;query value&quot; | &quot;read control&quot; | &quot;set value&quot; | &quot;write dac&quot; | &quot;write owner&quot;

  + Apply To: &quot;subkeys only&quot;
  |- Inheritance: &quot;inherited&quot;
  |- Allow: &quot;create link&quot; | &quot;create subkey&quot; | &quot;delete&quot; | &quot;enumerate subkeys&quot; | &quot;full control&quot; | &quot;notify&quot; | &quot;query value&quot; | &quot;read control&quot; | &quot;set value&quot; | &quot;write dac&quot; | &quot;write owner&quot;

</cm:compliance-actual-value>
<cm:compliance-check-id>29b1d814ca87d4b558edc8059ccaeb98</cm:compliance-check-id>
<cm:compliance-policy-value>

 administrators:
  + Apply To: &quot;this key and subkeys&quot;
  |- Inheritance: &quot;not inherited&quot;
  |- Allow: &quot;full control&quot;
</cm:compliance-policy-value>
<cm:compliance-audit-file>FSOWIN7_Analyze_only_v2.audit</cm:compliance-audit-file>
<cm:compliance-check-name>HKLM\system\currentcontrolset\control\securepipeservers\winreg REGISTRY_PERMISSIONS audit</cm:compliance-check-name>
<description>&quot;HKLM\system\currentcontrolset\control\securepipeservers\winreg REGISTRY_PERMISSIONS audit&quot;: [FAILED]

Remote value: 

 administrators:
  + Apply To: &quot;this key only&quot;   |- Inheritance: &quot;not inherited&quot;   |- Allow: &quot;create link&quot; | &quot;create subkey&quot; | &quot;delete&quot; | &quot;enumerate subkeys&quot; | &quot;full control&quot; | &quot;notify&quot; | &quot;query value&quot; | &quot;read control&quot; | &quot;set value&quot; | &quot;write dac&quot; | &quot;write owner&quot;

  + Apply To: &quot;subkeys only&quot;   |- Inheritance: &quot;inherited&quot;   |- Allow: &quot;create link&quot; | &quot;create subkey&quot; | &quot;delete&quot; | &quot;enumerate subkeys&quot; | &quot;full control&quot; | &quot;notify&quot; | &quot;query value&quot; | &quot;read control&quot; | &quot;set value&quot; | &quot;write dac&quot; | &quot;write owner&quot;

Policy value: 

 administrators:
  + Apply To: &quot;this key and subkeys&quot;   |- Inheritance: &quot;not inherited&quot;   |- Allow: &quot;full control&quot;

</description>
</ReportItem>

Generated using ACAS audit files. Edited to protect the guilty.

hammackj commented 10 years ago

This is fixed in 1.7.0-dev on my local box. It will be in the dev branch this evening.