Red Hat NETWORK 3.6 - Operating Instructions, Page 17

Copyright © 2002-2012 Tenable Network Security, Inc.
the pvs command was run. For example, if you were in /home/userx when you issued the
above command, the report file would be located in /home/userx/report.nsr. If you want
the report.nsr file to be created in a specific directory, specify the full path, such as “-r
/home/jsmith/myreport.nsr”.
The PVS Watchdog
The PVS Proxy uses a watchdog service to check the running state of the PVS and to restart
the PVS service if it is detected to be down at any point. These settings determine the
number of restart attempts and the interval at which PVS attempts to start. Once the
maximum number of attempts has been made, the proxy will abandon restart attempts for
a period of 30 minutes.
The settings for this watchdog are configured in pvs-proxy.conf:
watchdog {
    # How many times should the proxy attempt to start
    # PVS over a configurable interval. Once the maximum
    # number of attempts has been made, the proxy will
    # abandon restart attempts for a period of 30 minutes.
    # 'pvs-interval' is measured in minutes.
    pvs-restart-attempts 3;
    pvs-restart-interval 10;
}
Using the Passive Vulnerability Scanner to Analyze TCPDUMP Capture Files
The PVS can read in TCP packets from a TCPDUMP binary packet capture file. Specify the
file to read with the “-f” option, and the PVS will analyze the contents of the file and then
produce a report specified with the “-r” option.
Generating a Report
The installation script will install the PVS with a default reporting cycle of 60 minutes. This
means that the PVS will overwrite the report file with the latest vulnerability information
every 60 minutes. In our previous example, the -r option was used to specify a report file
of report.nsr. This report file is in a format compatible with the Nessus vulnerability scanner.
Examples of manipulating the report are provided in “Appendix 3 Working with Nessus”.
By default, simply waiting 60 minutes will cause the PVS to produce a report. However,
sending a “-1” signal to the PVS’s process ID will cause it to immediately produce a report.
In this example, the PVS’s process ID was determined to be 19211.
# ls -lt pvs-report.nsr
-rw-r--r-- 1 root root 4153 Aug 27 10:25 pvs-report.nsr
# ps aux | grep pvs
root 19211 1.4 17.2 21772 16296 pts/0 S 10:41 0:01 /opt/pvs/bin/pvs
# date
Wed Aug 27 10:43:26 EDT 2003
# kill -1 19211
# ls -lt pvs-report.nsr
-rw-r--r-- 1 root root 4153 Aug 27 10:43 pvs-report.nsr
Notice that the report file pvs-report.nsr has a time stamp of the current time. When the
PVS receives the “-1” signal, it immediately produces a report.
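The manual check above (compare the report's time stamp before and after the signal) can be scripted. The following is an added example, not part of the PVS manual or its tooling; the function name refresh_report, its arguments and its exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the PVS manual): request an immediate report with
# signal 1 (SIGHUP), as in "kill -1 19211", then verify the file was rewritten.
#
# refresh_report PID REPORT [TIMEOUT_SECONDS]
#   0 = report mtime advanced, 1 = timed out, 2 = bad PID or missing report.
# The body is a subshell "( )" so its variables do not leak into the caller.
refresh_report() (
    pid=$1
    report=$2
    timeout=${3:-30}
    waited=0

    # Signal 0 delivers nothing; it only checks the PID exists and is signalable.
    kill -0 "$pid" 2>/dev/null || { echo "cannot signal PID $pid" >&2; exit 2; }
    [ -f "$report" ] || { echo "no report file: $report" >&2; exit 2; }

    # Copy the report's current mtime onto a marker file for a later -nt compare.
    # Assumes touch -r preserves the time stamp exactly (GNU coreutils does).
    marker=$(mktemp) || exit 2
    touch -r "$report" "$marker"

    kill -1 "$pid"

    while [ "$waited" -lt "$timeout" ]; do
        if [ "$report" -nt "$marker" ]; then
            rm -f "$marker"
            exit 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    rm -f "$marker"
    echo "report not rewritten within ${timeout}s: $report" >&2
    exit 1
)

# Direct use: sh refresh_report.sh <pid> <report.nsr> [timeout]
if [ "$#" -ge 2 ]; then
    refresh_report "$@"
fi
```

A non-zero exit is worth alerting on in a scheduled job: it means the process is gone or the report was not rewritten, so downstream consumers would be reading stale vulnerability data.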