Example descriptions of security audit profiles

August 2, 2023

ID ssp_descr_psl_syntax_audit_profile_examples

Before analyzing the examples, you need to be familiar with the Base, Regex and Flow security models.

Example 1

// Describing a trace security audit profile
// base – Base security model object
// session – Flow security model object
audit profile trace =
/* If the audit runtime-level is equal to 0, the audit covers
 * base object rules when these rules return
 * the "denied" result. */
{ 0 :
    { base :
        { kss : ["denied"]
        }
    }
/* If the audit runtime-level is equal to 1, the audit covers methods
 * of the session object in the following cases:
 * 1. Rules of the session object return a "granted"
 *    or "denied" result, and the finite-state machine is in a state
 *    other than closed.
 * 2. A query expression of the session object is called, and the
 *    finite-state machine is in a state other than closed. */
, 1 :
    { session :
        { kss : ["granted", "denied"]
        , omit : ["closed"]
        }
    }
/* If the audit runtime-level is equal to 2, the audit covers methods
 * of the session object in the following cases:
 * 1. Rules of the session object return a "granted"
 *    or "denied" result.
 * 2. A query expression of the session object is called. */
, 2 :
    { session :
        { kss : ["granted", "denied"]
        }
    }
}

Example 2

// Describing a test security audit profile
// base – Base security model object
// re – Regex security model object
audit profile test =
/* If the audit runtime-level is equal to 0, rules of the base object
 * and expressions of the re object are not covered by the audit. */
{ 0 :
    { base :
        { kss : []
        }
    , re :
        { kss : []
        , emit : []
        }
    }
/* If the audit runtime-level is equal to 1, rules of the
 * base object are not covered by the audit, and expressions of the
 * re object are covered by the audit. */
, 1 :
    { base :
        { kss : []
        }
    , re :
        { kss : []
        , emit : ["match", "select"]
        }
    }
/* If the audit runtime-level is equal to 2, rules of the base object
 * and expressions of the re object are covered by the audit. Rules
 * of the base object are covered by the audit irrespective of the
 * result that they return. */
, 2 :
    { base :
        { kss : ["granted", "denied"]
        }
    , re :
        { kss : []
        , emit : ["match", "select"]
        }
    }
}
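The two profiles above are the only illustrations of the syntax on this page. To make the coverage rules concrete, here is an added Python script, not KasperskyOS code and not part of its PSL tooling, that parses the subset of the audit profile syntax used in Example 1 and Example 2 (the "audit profile NAME = { ... }" header, nested records, lists of strings, integer and identifier keys, `//` and `/* */` comments) and answers whether a given rule result or expression call is audited at a runtime level. The treatment of a missing `kss` or `emit` key and the reading of `omit` as a list of finite-state-machine states are assumptions inferred from the comments in the two examples; `TRACE_PROFILE` is Example 1 with shortened comments.

```python
import re

# Tokens of the syntax subset used on this page: comments, punctuation,
# identifiers, integers and double-quoted strings (whitespace is skipped).
_TOKEN = re.compile(r'//[^\n]*|/\*.*?\*/|[{}\[\]:,=]|[A-Za-z_]\w*|\d+|"[^"]*"', re.S)


class _Parser:
    """Recursive-descent parser for records '{ k : v , ... }' and lists '[ ... ]'."""

    def __init__(self, text):
        # Comments are dropped at tokenization time.
        self.toks = [t for t in _TOKEN.findall(text) if not t.startswith(("//", "/*"))]
        self.i = 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise SyntaxError(f"expected {expected or 'a token'}, got {tok!r}")
        self.i += 1
        return tok

    def value(self):
        tok = self.take()
        if tok == "{":
            return self.record()
        if tok == "[":
            return self.list_()
        if tok.startswith('"'):
            return tok[1:-1]            # string literal
        if tok.isdigit():
            return int(tok)             # runtime level
        if tok.isidentifier():
            return tok                  # bare identifier such as an object name
        raise SyntaxError(f"unexpected {tok!r}")

    def record(self):
        # The opening '{' was consumed by value(); integer keys become int.
        out = {}
        while self.peek() != "}":
            key = self.take()
            self.take(":")
            out[int(key) if key.isdigit() else key] = self.value()
            if self.peek() == ",":
                self.take(",")
        self.take("}")
        return out

    def list_(self):
        items = []
        while self.peek() != "]":
            items.append(self.value())
            if self.peek() == ",":
                self.take(",")
        self.take("]")
        return items


def parse_audit_profile(text):
    """Parse 'audit profile NAME = { level : { object : { kss/omit/emit } } }'."""
    p = _Parser(text)
    p.take("audit")
    p.take("profile")
    name = p.take()
    p.take("=")
    body = p.value()
    if not isinstance(body, dict) or p.peek() is not None:
        raise SyntaxError("profile body must be a single record")
    return name, body


def _object_config(profile, level, obj, state):
    """Settings of `obj` at `level`, or None when the object is not audited there
    (not listed at that level, or the FSM state appears under `omit`)."""
    cfg = profile.get(level, {}).get(obj)
    if cfg is None or (state is not None and state in cfg.get("omit", [])):
        return None
    return cfg


def rule_audited(profile, level, obj, result, state=None):
    """Is a rule of `obj` returning `result` ("granted"/"denied") audited at `level`?
    Assumption: a missing `kss` key audits every result (no such case is on the page)."""
    cfg = _object_config(profile, level, obj, state)
    return cfg is not None and ("kss" not in cfg or result in cfg["kss"])


def expression_audited(profile, level, obj, expr, state=None):
    """Is a call of expression `expr` on `obj` audited at `level`?
    Assumption, read from the Example 1 comments: a missing `emit` key audits
    every expression, whereas `emit : []` (Example 2) audits none."""
    cfg = _object_config(profile, level, obj, state)
    return cfg is not None and ("emit" not in cfg or expr in cfg["emit"])


# Example 1 from the page, with the comments shortened.
TRACE_PROFILE = """
audit profile trace =
/* level 0: only "denied" results of base rules */
{ 0 : { base : { kss : ["denied"] } }
// level 1: session methods, except while the FSM is in the closed state
, 1 : { session : { kss : ["granted", "denied"] , omit : ["closed"] } }
, 2 : { session : { kss : ["granted", "denied"] } }
}
"""

if __name__ == "__main__":
    name, trace = parse_audit_profile(TRACE_PROFILE)
    print(name, trace)
    # At level 1 a session rule evaluated in the closed state is not audited.
    print(rule_audited(trace, 1, "session", "granted", state="closed"))
```

Running the script parses Example 1 into a dictionary keyed by runtime level and object name; the checks at the end reproduce the statements in the example's comments, for instance that a "granted" session rule in the closed state is audited at level 2 but not at level 1.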
