KasperskyOS Community Edition 1.2
Examples of security audit profiles
Before analyzing examples, you need to become familiar with the Base, Regex and Flow security models.
Example 1
// Describing a trace security audit profile
// base – Base security model object
// session – Flow security model object
audit profile trace =
  /* If the audit runtime-level is equal to 0, the audit covers
   * base object rules when these rules return
   * the "denied" result. */
  { 0 :
    { base :
      { kss : ["denied"]
      }
    }
  /* If the audit runtime-level is equal to 1, the audit covers methods
   * of the session object in the following cases:
   * 1. Rules of the session object return any result, and
   *    the finite-state machine is in a state other than closed.
   * 2. A query expression of the session object is executed, and the
   *    finite-state machine is in a state other than closed. */
  , 1 :
    { session :
      { kss : ["granted", "denied"]
      , omit : ["closed"]
      }
    }
  /* If the audit runtime-level is equal to 2, the audit covers methods
   * of the session object in the following cases:
   * 1. Rules of the session object return any result.
   * 2. A query expression of the session object is executed. */
  , 2 :
    { session :
      { kss : ["granted", "denied"]
      }
    }
  }
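The following Python model is an added illustration, not KasperskyOS code and not a PSL parser: it applies the semantics stated in the comments of the trace profile above to a few constructed rule decisions, to show which of them each audit runtime-level would record. It models rule decisions only (not query expressions); the state name "opened", the function names, and the treatment of an undefined level as "nothing audited" are assumptions of the model.

```python
# Simplified model of the "trace" audit profile from Example 1.
# runtime-level -> object -> audit configuration (mirrors the profile).
TRACE = {
    0: {"base": {"kss": ["denied"]}},
    1: {"session": {"kss": ["granted", "denied"], "omit": ["closed"]}},
    2: {"session": {"kss": ["granted", "denied"]}},
}


def is_audited(profile, level, obj, result, state=None):
    """Return True if a rule decision made by `obj` is covered by the audit.

    result: "granted" or "denied".
    state:  current finite-state machine state of a Flow object
            (None for objects that have no state machine).
    """
    conf = profile.get(level, {}).get(obj)
    if conf is None:
        # Object not listed at this level (model assumption: not audited).
        return False
    if result not in conf.get("kss", []):
        return False
    if state is not None and state in conf.get("omit", []):
        # States listed in "omit" suppress the audit record.
        return False
    return True


def audited_events(profile, level, events):
    """Keep only the (obj, result, state) tuples that would be audited."""
    return [e for e in events if is_audited(profile, level, *e)]


# Constructed sample decisions: (object, result, FSM state).
# "opened" is a hypothetical state name; only "closed" appears in the profile.
EVENTS = [
    ("base", "granted", None),
    ("base", "denied", None),
    ("session", "granted", "opened"),
    ("session", "denied", "closed"),
    ("session", "granted", "closed"),
]

if __name__ == "__main__":
    for lvl in sorted(TRACE):
        print(lvl, audited_events(TRACE, lvl, EVENTS))
```

In this model, a "denied" result from the session object is recorded only at level 2 when the state machine is in the closed state, and levels 1 and 2 record nothing from the base object.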
Example 2
// Describing a test security audit profile
// base – Base security model object
// re – Regex security model object
audit profile test =
  /* If the audit runtime-level is equal to 0, rules of the base object
   * and expressions of the re object are not covered by the audit. */
  { 0 :
    { base :
      { kss : []
      }
    , re :
      { kss : []
      , emit : []
      }
    }
  /* If the audit runtime-level is equal to 1, rules of the
   * base object are not covered by the audit, and expressions of the
   * re object are covered by the audit. */
  , 1 :
    { base :
      { kss : []
      }
    , re :
      { kss : ["granted"]
      , emit : ["match", "select"]
      }
    }
  /* If the audit runtime-level is equal to 2, rules of the base object
   * and expressions of the re object are covered by the audit. Rules
   * of the base object are covered by the audit irrespective of the
   * result that they return. */
  , 2 :
    { base :
      { kss : ["granted", "denied"]
      }
    , re :
      { kss : ["granted"]
      , emit : ["match", "select"]
      }
    }
  }
Article ID: ssp_descr_psl_syntax_audit_profile_examples, Last review: May 21, 2024