To configure the application to test for Oracle policy compliance, you must edit the default XML policy template for Oracle (oracle.xml), which is located in [installation_directory]/plugins/java/1/OraclePolicyScanner/1.
To configure the application to test for Oracle policy compliance:
To add credentials for Oracle Database policy compliance scanning:
To configure the application to test for Lotus Domino policy compliance, you must edit the default XML policy template for Lotus Domino (domino.xml), which is located in [installation_directory]/plugins/java/1/NotesPolicyScanner/1.
To configure the application to test for Lotus Domino policy compliance:
To add credentials for Lotus Domino policy compliance scanning:
You can configure Nexpose to verify whether assets running Windows operating systems are compliant with Microsoft security standards. The installation package includes three different policy templates that list security criteria against which you can check settings on assets. These templates are the same as those associated with Windows Policy Editor and Active Directory Group Policy. Each template contains all of the policy elements for one of the three types of Windows target assets: workstation, general server, and domain controller.
A target asset must meet all the criteria listed in the respective template for the application to regard it as compliant with Windows Group Policy. To view the results of a policy scan, create a report based on the Audit or Policy Evaluation report template. Or, you can create a custom report template that includes the Policy Evaluation section. See Fine-tuning information with custom report templates.
The templates are .inf files located in the plugins/java/1/WindowsPolicyScanner/1 path relative to the application base installation directory:
Note: Use caution when running the same scan more than once with less than the lockout policy time delay between scans. Doing so could also trigger account lockout.
You can also import template files using the Security Templates Snap-In in the Microsoft Group Policy Management Console, and then save each as an .inf file with a specific name corresponding to the type of target asset.
You must provide the application with proper credentials to perform Windows policy scanning. See Configuring scan credentials.
Go to the Windows Group Policy page, and enter the .inf file names for the workstation, general server, and domain controller policies in the appropriate text fields.
To save the new scan template, click Save.
Nexpose can test account policies on systems supporting CIFS/SMB, such as Microsoft Windows, Samba, and IBM AS/400:
This is the maximum number of failed logins a user is permitted before the asset locks out the account.
To configure Nexpose to test for AS/400 policy compliance:
This is the maximum number of failed logins a user is permitted before the asset locks out the account. The number corresponds to the QMAXSIGN system value.
This number corresponds to the QPWDMINLEN system value and specifies the minimum required password length.
This level corresponds to the minimum value that the QSECURITY system value should be set to. The level values range from Password security (20) to Advanced integrity protection (50).
To configure Nexpose to test for UNIX policy compliance:
This setting controls the permissions that the target system grants to any new files created on it. If the application detects broader permissions than those specified by this value, it will report a policy violation.
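The following added example (not Nexpose code) illustrates what "broader permissions" means for a umask value. It assumes the comparison is bitwise: an observed umask violates the policy if it leaves any permission bit unmasked that the policy umask masks. The function names are hypothetical.

```python
import stat


def parse_umask(text: str) -> int:
    """Parse an octal umask string such as '022' or '0027'."""
    value = int(text, 8)
    if not 0 <= value <= 0o777:
        raise ValueError(f"umask out of range: {text!r}")
    return value


def new_mode(umask: int, directory: bool = False) -> int:
    """Mode a new file (base 0666) or directory (base 0777) receives."""
    base = 0o777 if directory else 0o666
    return base & ~umask


def extra_bits(policy_umask: int, observed_umask: int) -> int:
    """Permission bits the observed umask grants but the policy umask denies."""
    return policy_umask & ~observed_umask


def evaluate(policy: str, observed: str) -> dict:
    """Compare an observed umask against the policy umask (assumed bitwise rule)."""
    p, o = parse_umask(policy), parse_umask(observed)
    extra = extra_bits(p, o)
    return {
        "compliant": extra == 0,
        # rwx string for user/group/other showing only the excess permissions
        "extra_bits": stat.filemode(extra)[1:],
        "file_mode": oct(new_mode(o)),
        "dir_mode": oct(new_mode(o, directory=True)),
    }


if __name__ == "__main__":
    # Constructed sample values: policy umask 027 checked against three targets.
    for observed in ("022", "077", "072"):
        print(observed, evaluate("027", observed))
```

The 072 case is numerically larger than the 027 policy yet still grants read and execute to "other", which is why a numeric comparison of umask values is not a reliable compliance check.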