Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0 Guide de l'utilisateur télécharger pdf (Page 60)

see a simple pattern, the entire plugin will not match.

name

This is the name of the vulnerability the PVS has detected. Multiple PVS plugins can

have the same name, but this is not encouraged.

nid

To track compatibility with the Nessus vulnerability scanner, Tenable has attempted to

associate PVS vulnerability checks with relevant Nessus vulnerability checks. Multiple

Nessus IDs can be listed under one “nid” entry such as “nid=10222,10223”.

nooutput

For plugins that are written specifically to be used as part of a dependency with another

plugin, the “nooutput” keyword will cause the PVS to not report anything for any plugin

with this keyword enabled.

noplugin

This keyword will prevent a plugin from being evaluated if another plugin has already

matched. For example, it may make sense to write a plugin that looks for a specific

anonymous FTP vulnerability, but have it disabled if another plugin that checked for

anonymous FTP had already failed.

pbmatch

Same as “bmatch” except for binary data on the previous side of the reconstructed

network session.

plugin_output

This keyword displays dynamic data for a given vulnerability or event. The dynamic data

is usually represented using %L or %P, and its value is obtained from the regular

expressions defined using regex, regexi, pregex, or pregexi.

pmatch

This keyword is the same as “match” but is applied against the previous packet on the

other side of the reconstructed network session.

pregex

Same as “regex” except the regular expression is applied to the previous side of the

reconstructed network session.

pregexi

Same as “pregex” except the pattern matching is case insensitive.

regex

This keyword specifies a complex regular expression search rule that will be applied to

the network session.

regexi

Same as “regex” except the pattern matching is case insensitive.

risk

All PVS plugins need a risk setting. Risks are classified as LOW, MEDIUM, or HIGH. A

LOW risk is an informational vulnerability such as an active port or service. A MEDIUM

risk is something that may be exploitable or discloses information and a HIGH risk is

something that is easily exploitable.

seealso

If one or more URLs are available, this keyword can be used to display them. Multiple

URLs can be specified on one line with commas. Example entries for this could include

CERT advisories and vendor information web sites. Note: PVS 3.0.x will only display the

last seealso defined in the PRM. PVS 3.2 and later will display multiple seealso

directives.

solution

If a solution is available, it can be described here. The report section will highlight the

solution with different text.

sport

This setting applies the PVS plugin to just one port. For example, it may make sense to

write a SNMP plugin that just looks for activity on port 162. However, for detection of off-

port services like a web server running on port 8080, a “sport” field would not be used

in the plugin.

1 2 ... 55 56 57 58 59 60 61 62 63 64 65 ... 78 79

Commentaires sur ces manuels

Pas de commentaire

Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0 Guide de l'utilisateur Page 60

Commentaires sur ces manuels

Produits connexes et manuels pour Logiciel Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0