Sample: Posture Data Transferred using CIPS
The following sample shows the posture data transferred by CIPS to your storage platform:
Posture Data Transferred using CIPS
{
"hostId":10404430,
"dns":"doctom1.rdlab.in03.qualys.com",
"ip":"10.115.120.97",
"trackingMethod":"4",
"os":"CentOS Linux 7.5.1804",
"osCpe":null,
"complianceLastScanData":"2023-01-16T10:47:05Z",
"customerUuid":"0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId":250021,
"assetId":31680291,
"policy":[
{
"id":3567540,
"posture":[
{
"id":25214933,
"controlId":1071,
"controlStatement":"Status of the 'Minimum Password Length' setting",
"controlReference":"",
"remediation":"To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"technologyId":80,
"instance":"os",
"posture":"Passed",
"postureModifiedDate":"2023-01-13T07:08:18Z",
"evaluationDate":"2023-01-16T10:49:43Z",
"lastPosture":"Passed",
"firstEvaluatedDate":"2023-01-13T07:08:18Z",
"failDateFirstFound":null,
"failDateLastFound":null,
"passedDateFirstFound":"2023-01-13T07:08:18Z",
"passedDateLastFound":"2023-01-16T10:49:43Z",
"evidence":"{\"description\":\"The following Integer value \\u003cB\\u003eX\\u003c/B\\u003e indicates the current value of the \\u003cB\\u003ePASS_MIN_LEN\\u003c/B\\u003e setting as defined within the \\u003cB\\u003e/etc/login.defs\\u003c/B\\u003e file.\",\"expectedValues\":[\"greater than or equal to\\n0\"],\"actualValues\":[\"5\"],\"extendedEvidence\":\"\\n\\n\\u003d\\u003d\\u003d\\u003d\\u003d\\u003dExtended Evidence\\u003d\\u003d\\u003d\\u003d\\u003d\\u003d:\\nRow 1:File name,Setting,Value\\nRow 2:/etc/login.defs,PASS_MIN_LEN,5\\n\",\"causeOfFailure\":{\"missing\":{\"logic\":\"DP\",\"value\":[]},\"unexpected\":{\"value\":[\"5\"]}},\"scanParameter\":\"\"}"
},
{
"id":25214934,
"controlId":1072,
"controlStatement":"Status of the 'Minimum Password Age' setting",
"controlReference":"at CL 1072 second(https://www.google.com),at CL 1072(https://www.qualys1.com)",
"remediation":"To set the value for this setting edit the '/etc/login.defs' file:\nAdd or edit the value of 'PASS_MIN_DAYS' setting according to the needs of business.\n\nExample: \nPASS_MIN_DAYS 7 \n\nModify user parameters for all users with a password set to match, with the following command:\n# chage --mindays 7 <user>",
"technologyId":80,
"instance":"os",
"posture":"Passed",
"postureModifiedDate":"2023-01-13T07:08:18Z",
"evaluationDate":"2023-01-16T10:49:43Z",
"lastPosture":"Passed",
"firstEvaluatedDate":"2023-01-13T07:08:18Z",
"failDateFirstFound":null,
"failDateLastFound":null,
"passedDateFirstFound":"2023-01-13T07:08:18Z",
"passedDateLastFound":"2023-01-16T10:49:43Z",
"evidence":"{\"description\":\"The following Integer value \\u003cb\\u003eX\\u003c/b\\u003e indicates the current \\u003cb\\u003ePASS_MIN_DAYS\\u003c/b\\u003e setting within the \\u003cb\\u003e/etc/login.defs\\u003c/b\\u003e file.\",\"expectedValues\":[\"greater than or equal to\\n0\"],\"actualValues\":[\"0\"],\"extendedEvidence\":\"\\n\\n\\u003d\\u003d\\u003d\\u003d\\u003d\\u003dExtended Evidence\\u003d\\u003d\\u003d\\u003d\\u003d\\u003d:\\nRow 1:File name,Setting,Value\\nRow 2:/etc/login.defs,PASS_MIN_DAYS,0\\n\",\"causeOfFailure\":{\"missing\":{\"logic\":\"DP\",\"value\":[]},\"unexpected\":{\"value\":[\"0\"]}},\"scanParameter\":\"\"}"
},
{
"id":25214935,
"controlId":1073,
"controlStatement":"Status of the 'Maximum Password Age' setting (expiration) / Accounts having the 'password never expires' flag set",
"controlReference":"at CL 1 1073(https://www.google.com)",
"remediation":"To specify password maximum age for new accounts, edit the file \"/etc/login.defs\" and add or correct the following line, replacing [DAYS] appropriately: \n\nPASS_MAX_DAYS [DAYS]\n\nThe DoD requirement is 60.",
"technologyId":80,
"instance":"os",
"posture":"Passed",
"postureModifiedDate":"2023-01-13T07:08:18Z",
"evaluationDate":"2023-01-16T10:49:43Z",
"lastPosture":"Passed",
"firstEvaluatedDate":"2023-01-13T07:08:18Z",
"failDateFirstFound":null,
"failDateLastFound":null,
"passedDateFirstFound":"2023-01-13T07:08:18Z",
"passedDateLastFound":"2023-01-16T10:49:43Z",
"evidence":"{\"description\":\"The following Integer value \\u003cb\\u003eX\\u003c/b\\u003e indicates the current status of the \\u003cb\\u003ePASS_MAX_DAYS\\u003c/b\\u003e setting as defined within the \\u003cb\\u003e/etc/login.defs\\u003c/b\\u003e file.456\",\"expectedValues\":[\"greater than or equal to\\n0\"],\"actualValues\":[\"99999\"],\"extendedEvidence\":\"\\n\\n\\u003d\\u003d\\u003d\\u003d\\u003d\\u003dExtended Evidence\\u003d\\u003d\\u003d\\u003d\\u003d\\u003d:\\nRow 1:File name,Setting,Value\\nRow 2:/etc/login.defs,PASS_MAX_DAYS,99999\\n\",\"causeOfFailure\":{\"missing\":{\"logic\":\"DP\",\"value\":[]},\"unexpected\":{\"value\":[\"99999\"]}},\"scanParameter\":\"\"}"
},
{
"id":25214936,
"controlId":1091,
"controlStatement":"Status of the number of days before a [Prompt user] password expiration warning prompt is displayed at login",
"controlReference":"at CL 1(https://www.qualys.com)",
"remediation":"# Edit file '/etc/login.defs' to configure 'PASS_WARN_AGE' setting according to the business needs and organization's security policies.\nPASS_WARN_AGE <number>\n\n# Example\nPASS_WARN_AGE 7",
"technologyId":80,
"instance":"os",
"posture":"Passed",
"postureModifiedDate":"2023-01-13T07:08:18Z",
"evaluationDate":"2023-01-16T10:49:43Z",
"lastPosture":"Passed",
"firstEvaluatedDate":"2023-01-13T07:08:18Z",
"failDateFirstFound":null,
"failDateLastFound":null,
"passedDateFirstFound":"2023-01-13T07:08:18Z",
"passedDateLastFound":"2023-01-16T10:49:43Z",
"evidence":"{\"description\":\"The following Integer value \\u003cb\\u003eX\\u003c/b\\u003e indicates the current \\u003cb\\u003ePASS_WARN_AGE\\u003c/b\\u003e setting within the \\u003cb\\u003e/etc/login.defs\\u003c/b\\u003e file on the host.456\",\"expectedValues\":[\"greater than or equal to\\n0\"],\"actualValues\":[\"7\"],\"extendedEvidence\":\"\\n\\n\\u003d\\u003d\\u003d\\u003d\\u003d\\u003dExtended Evidence\\u003d\\u003d\\u003d\\u003d\\u003d\\u003d:\\nRow 1:File name,Setting,Value\\nRow 2:/etc/login.defs,PASS_WARN_AGE,7\\n\",\"causeOfFailure\":{\"missing\":{\"logic\":\"DP\",\"value\":[]},\"unexpected\":{\"value\":[\"7\"]}},\"scanParameter\":\"\"}"
},
{
"id":25214937,
"controlId":1117,
"controlStatement":"Status of the 'inetd' or 'xinetd' service",
"controlReference":"at CL 1117 first(https://www.qualys.com),at CL 1117 second(https://www.google.com)",
"remediation":"The \"xinetd\" service can be disabled with the following commands: \n\n# chkconfig xinetd off\n# service xinetd stop",
"technologyId":80,
"instance":"os",
"posture":"Passed",
"postureModifiedDate":"2023-01-13T07:08:18Z",
"evaluationDate":"2023-01-16T10:49:43Z",
"lastPosture":"Passed",
"firstEvaluatedDate":"2023-01-13T07:08:18Z",
"failDateFirstFound":null,
"failDateLastFound":null,
"passedDateFirstFound":"2023-01-13T07:08:18Z",
"passedDateLastFound":"2023-01-16T10:49:43Z",
"evidence":"{\"description\":\"The following List String value(s) \\u003cb\\u003eX\\u003c/b\\u003e indicate the current status of the \\u003cb\\u003exinetd\\u003c/b\\u003e service.456\",\"expectedValues\":[\"matches regular expression list\\n.*\"],\"actualValues\":[\"161803399999999\"],\"extendedEvidence\":\"\\n\\n\\u003d\\u003d\\u003d\\u003d\\u003d\\u003dExtended Evidence\\u003d\\u003d\\u003d\\u003d\\u003d\\u003d:\\nRow 1:Service Name,Status\\n\",\"causeOfFailure\":{\"missing\":{\"logic\":\"DP\",\"value\":[]},\"unexpected\":{\"value\":[]}},\"scanParameter\":\"\"}"
}
]
}
]
}
Related Topic