Configure a Unix Directory Search Control

Configure a Unix Directory Search control to find files and directories that match certain parameters (i.e. name, permissions, owner, etc). You'll tell us where to search and what you're looking for, and we'll return a list of matches.

 

The statement you provide is like the control name that describes what it is and how it should be implemented in the environment. You'll also need to decide which category the control belongs to. This is important because users can search and filter controls by category, they can also search by keywords in the statement.

These are the search parameters you want to use. You'll tell us where to start our search (the base directory) and what you want to match. You can search for files and directories by name, owner, permissions, etc.

You'll also want to set search limits - the max search time and the max number of results to return. We'll stop the search as soon as we hit one of these limits.

Base Directory

The base directory is the directory you want to search. Be as specific as you can to reduce the search time (there is a time limit). Then make additional settings that tell us how many levels we should search within the directory, and what to do when we come across other file systems and symbolic links.

File/Directory Name

Use these fields to find files and directories based on the name. You'll notice that * is used by default for the File Name Include and Directory Name Include, meaning that all files will be a match.

Note - When entering a file name, be sure to include only the file name, not the path to the file. When entering a directory name, only include the directory, not a file name.

File Permissions

For each permission, tell us if the permission should be set on the file (Yes) or not (No). Select Any if either setting is fine. Then select "Match All" to return files that match all of your permission settings or "Match Some" to return files that match at least one of your permission settings. You can also select "Exclude" to return files excluding the files that have at least one your specified permission settings.

File System Object Types

Select each file system object type you want to include in the search. You can include all types or limit the search to only select types.

File Owner

Identify the users and groups that you want to match. You can identify users and groups either by name or ID. 

Exclude the users/groups (Agent Only)

Exclude options allow you to find files owned by users/groups and exclude them. Exclude options are only supported by Cloud Agent. When selected, the scan data for the control evaluation is collected by the agent and then filtered by the agent.

To exclude users, enter a comma-separated list of user names and user IDs, and select Exclude the user(s).

To exclude groups, enter a comma-separated list of group names and group IDs, and select Exclude the group(s).

Note that the exclude options are disabled if you choose Any User, Any Group or None.

Control Data Type and Description

The actual value returned for this control is a String List, meaning we'll return a list of matches in the scan results.

Your control may apply to many technologies. Select each technology you're interested in and provide a rationale statement and expected value.

Time Saving Tip: If you plan to enter the same settings for each technology you only need to do it once. Make your selections in the "Default Values" section first and then select the check box for each technology you want. You'll see that the settings get copied automatically to each technology that you select.

Make these settings:

Rationale - Enter a rationale statement describing how the control should be implemented for each technology.

Cardinality - Select a cardinality for the control. Tell me about these cardinalitiesTell me about these cardinalities

A list of strings in the scan results (X) is compared to a list of strings defined for the control (Y). The control values include the default value (a string) and a cardinality. The possible cardinalities are described below.

Cardinality

You are compliant when

contains

X contains all of Y

does not contain

X does not contain any of Y

intersect

any string in X matches any string in Y

matches

all strings in X match all strings in Y (listed in any order)

is contained in

all strings in X are contained in Y

 

Operator - The operator can be a "regular expression list" or a "string list". We'll use the operator to compare the scan results to the default value.

Default Value. Enter the expected value for each technology as a list of regular expressions or strings. The list of strings returned in the scan results will be compared to the list of strings defined for the control. Learn more

You can lock the Cardinality, Operator or Default Value if you don't want users to be able to change these values in the Policy Editor.

Add up to 10 references for the control. These may be references to internal policies, documents and web sites. For each reference, enter a description, a URL or both. When providing a URL, you must start the URL with http://, https:// or ftp://.  For example, enter http://www.qualys.com to link to the Qualys web site. Once added users have the option to include references in policy reports.

 

Quick Links

User-Defined Controls

Regular Expressions (PCRE)

Agent UDC Support

FAQs