How do I create a custom check to search for world-writeable directories in select search paths? (NETIQKB47240)

  • 7747240
  • 02-Feb-2007
  • 24-May-2007

Resolution

goal
How do I create a custom check to search for world-writeable directories in select search paths?

goal
Can I use VM to find directories with specific Write permissions?

fact
NetIQ Vulnerability Manager 5.0

fact
NetIQ Vulnerability Manager 5.5

fix

To create a custom security check in Vulnerability Manager that searches for world-writeable directories, perform the following steps in order.

To create a new check:

  1. Start the NetIQ Vulnerability Manager console.
  2. Expand Security Knowledge > Security Checks > My Checks.
  3. Right-click UNIX and select New Security Check to open the Security Check Wizard.
  4. Ensure that Platform is set to UNIX.
  5. In the Object window, expand Host.
  6. Click File and then click Next.
  7. In the Available Attributes column, select File Name and then CTRL-click Type, Other Permissions, and any other appropriate attributes you want to include.
  8. Click > to add the attributes to the Attributes to Check column.
  9. When you have added all attributes, click Next.

To set up filtering on the new check:

  1. On the first line of the Filter window, select Type from the Attribute list.
  2. In the Operator list, select equals, leaving Type set to Value.
  3. In the Criteria list, select Directory.
  4. In the AND/OR list, select AND.
  5. On the next line of the Filter window, select Other Permissions from the Attribute list.
  6. In the Operator list, select equals, leaving Type set to Value.
  7. In the Criteria list, select Write.
  8. In the AND/OR list, select OR.
  9. Repeat Steps 5 through 8 for the next three lines of the Filter window. Use the same values for all lists except Criteria, which should be changed for each possible Write state: Write+Execute, Read+Write, and Read+Write+Execute. Attribute remains Other Permissions throughout.
  10. Click the ( column beside the first Other Permissions filter and then SHIFT-click the last Other Permissions filter to select all four filters.
  11. Right-click the ) column of the first Other Permissions filter and select Add() to group all four filters together.
  12. Click Next.

To set the custom check parameters:

  1. On the Parameters window, type a file name for the new check in the FILE/DIRECTORY NAME field. Leave MAXDEPTH set to 1.
  2. Click Next.
  3. On the Scoring window, select Count in the Scoring Method list.
  4. Set Threat Factor and Expected number of rows returned to the appropriate values.
  5. Click Next.
  6. On the Properties window, type a name for the new check in the Check Name field.
  7. Type a description of the new check in the Brief Description field and provide other information as necessary.
  8. In the Category list, select Files/Directories.
  9. Click Next and then click Finish.

To include the custom check in a policy template:

  1. In the left pane, right-click Policy Templates and select New Policy Template to open the Policy Template Wizard.
  2. Select My Checks from the list.
  3. Expand UNIX > Files/Directories and select the new security check.
  4. Click > to move the check into the Selected Checks column.
  5. Click Next.
  6. Type the specific search path in the FILE/DIRECTORY NAME field.
  7. Set MAXDEPTH to the number of subfolder levels you want the check to search in the specific search path directory tree. Set MAXDEPTH to zero if you want the check to search all the way to the bottom of the directory structure.
  8. Click Next.
  9. Type a name in the Name field and a description in the Description field.
  10. Click Next.
  11. Click Finish.
  12. Schedule or run the template.
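
To cross-check what this filter should return, the following Python script (an added example, not NetIQ code and not part of the original article) applies the same logic directly on the UNIX host: Type equals Directory AND Other Permissions contains Write. The function names, the reading of MAXDEPTH 1 as "the search path's immediate entries", and the extra sticky-bit column are assumptions of this example.

```python
import os
import stat

# Labels for the "other" permission bits; the four combinations that contain
# Write are the four Criteria values OR'd together in the filter above.
OTHER_LABELS = {stat.S_IROTH: "Read", stat.S_IWOTH: "Write", stat.S_IXOTH: "Execute"}


def other_permissions(mode):
    """Render the 'other' rwx bits as a label such as 'Read+Write+Execute'."""
    return "+".join(name for bit, name in OTHER_LABELS.items() if mode & bit) or "None"


def world_writable_dirs(search_path, max_depth=1):
    """Return sorted (path, other-permissions label, sticky) tuples.

    max_depth counts subfolder levels below search_path; 0 means no limit.
    Reading depth 1 as "immediate entries" is an assumption of this example.
    """
    findings = []
    stack = [(search_path, 1)]
    while stack:
        current, depth = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            continue  # unreadable directory: skip it rather than abort the scan
        for entry in entries:
            try:
                st = entry.stat(follow_symlinks=False)  # do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISDIR(st.st_mode):  # Type equals Directory
                continue
            if st.st_mode & stat.S_IWOTH:  # matches any of the four Write states
                findings.append((entry.path, other_permissions(st.st_mode),
                                 bool(st.st_mode & stat.S_ISVTX)))
            if max_depth == 0 or depth < max_depth:
                stack.append((entry.path, depth + 1))
    return sorted(findings)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        os.makedirs(os.path.join(root, "app", "spool"))
        os.chmod(os.path.join(root, "app", "spool"), 0o777)
        for row in world_writable_dirs(root, max_depth=0):
            print(row)
```

The sticky column separates directories such as a shared temp area, where only the owner can delete an entry, from directories where any local user can remove or replace other users' files.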


note
Once you create the check, you can put it into a different template and use a different search path. You can also run a check by itself, without putting it in a template.

note
For more information about creating custom checks, see the NetIQ Vulnerability Manager 5.5 User Guide.

Additional Information

Formerly known as NETIQKB47240