Objective
- Resolve the error condition “POWERSHELL_NO_RESULT: powershell command returned no result” in the Nessus auditfile for Windows.
This error occurs when an AUDIT_POWERSHELL check return no data.
For example when you query for a registry key that not exists.
<check_type: "Windows" version:"2"> <group_policy: "MS Windows"> <custom_item> type: AUDIT_POWERSHELL description: "Check if IPv6 is disabled" value_type: POLICY_TEXT value_data: "0xff" powershell_args: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents' check_type: CHECK_REGEX </custom_item> </group_policy> </check_type> |
We should have a FAILED end status (non compliant) but an ERROR is raised.
Windows Compliance Checks, version 1.207
Which file contains your security policy : SMB login : stty: 'standard input': Inappropriate ioctl for device
SMB password : stty: 'standard input': Inappropriate ioctl for device
SMB domain (optional) : "Check if IPv6 is disabled": [ERROR]
POWERSHELL_NO_RESULT: powershell command returned no result
Solution
To work around this issue we can catch the output in a variable and evaluate it before we end the check.
if ($output -eq $Null) {write-host \'No Output Recorded\'} else {$output} |
The update audit file check will look like this:
<check_type: "Windows" version:"2"> <group_policy: "MS Windows"> <custom_item> type: AUDIT_POWERSHELL description: "Check if IPv6 is disabled" value_type: POLICY_TEXT value_data: "0xff" powershell_args: '$output=(reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents) ; if ($output -eq $Null) {write-host \'No Output Recorded\'} else {$output}' check_type: CHECK_REGEX </custom_item> </group_policy> </check_type> |
The output of the updated check will look like this:
Windows Compliance Checks, version 1.207
Which file contains your security policy : SMB login : stty: 'standard input': Inappropriate ioctl for device
SMB password : stty: 'standard input': Inappropriate ioctl for device
SMB domain (optional) : "Check if IPv6 is disabled": [FAILED]
Remote value: 'No Output Recorded'
Policy value: '0xff'