Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0 Betriebsanweisung PDF herunterladen (Seite 59)

have an even number of alphanumeric characters.

clientissue

If a vulnerability is determined in a network client such as a web browser or an email

tool, a server “port” will be associated with the reported vulnerability.

cve

Tenable also assigns Common Vulnerability and Exposure (CVE) tags to each PVS

plugin. This allows a user reading a report generated by the PVS to link to more

information available at http://cve.mitre.org/. Multiple CVE entries can be entered on one

line separated by commas.

dependency

This is the opposite of “noplugin”. Instead of specifying another plugin that has failed,

this keyword specifies which plugin has to have succeeded. This keyword specifies a

PVS ID that should exist in order for the plugin to be evaluated. In addition, this plugin

can take the form of “dependency=ephemeral-server-port”, which means that the

server being evaluated must have an open port above port 1024.

description

This field describes on one line the nature of the detected vulnerability. This data is

printed out by the PVS when printing the vulnerability report. Macros are available that

allow for the printing of matched network traffic such as banner information and are

discussed in the examples below. For line breaks, the characters “\n” can be used to

invoke a new line.

Exploitability:

canvas

core

cvsstemporal

metasploit

Displays exploitability factors for the selected vulnerability. For example, if the

vulnerability is exploitable via both Canvas and Core and has a unique CVSS temporal

score, the following tags might be displayed in the plugin output:

CANVAS : D2ExploitPack

CORE : true

CVSSTEMPORAL : CVSS2#E:F/RL:OF/RC:C

These keywords are displayed only in vulnerabilities detected by PVS 3.4

and greater.

dport

Same as “sport”, but for destination ports.

family

Each Tenable plugin for the PVS is included in a family. This designation allows Tenable

to group PVS plugins into easily managed sets that can be reported on individually.

hs_dport

Same as “hs_sport” except for destination ports.

hs_sport

Normally, when the PVS runs its plugins, they are either free ranging looking for

matches on any port, or fixed to specific ports with the “sport” or “dport” keywords. In

very high speed networks, many plugins have a fall-back port, known as a high-speed

port, which focuses the plugin only on one specific port. In high speed more, the

performance of a PVS plugin with an “hs_sport” keyword is exactly the same as if the

plugin was written with the “sport” keyword.

Each PVS plugin needs a unique rule ID. Tenable assigns these 16 bit numbers within

the overall Nessus range of valid entries. Current plugin IDs can be listed at Tenable’s

website for the PVS.

match

This keyword specifies a set of one or more simple ASCII patterns that must be present

in order for the more complex pattern analysis to take place. The “match” keyword

gives the PVS a lot of its performance and functionality. With this keyword, if it does not

1 2 ... 54 55 56 57 58 59 60 61 62 63 64 ... 78 79

Kommentare zu diesen Handbüchern

Keine Kommentare

Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0 Betriebsanweisung Seite 59

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Software Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0