
Copyright © 2002-2012 Tenable Network Security, Inc.
becomes available. The size of the cache will change
dynamically and can be expected to grow to this maximum
number only when needed.

When reconstructing network sessions, the PVS will pre-allocate as many megabytes of memory as specified by this variable. By default, the PVS is installed with a memory value of “50” megabytes. Networks with sustained speeds greater than 100 Mb/s or more than 5,000 unique IP addresses should modify this value to “100” MB. For customers running in front of multiple Class B networks, a value of “400” MB should be used if the system has enough spare memory. However, if you have a large network (such as a university network with 10,000 nodes or more), a setting of 500 should be used. In addition to the session table, the PVS will also use another 200 to 300 MB to store the host vulnerability information and port-scan information.

Reports can be cached for a specified number of days. Once the configured number of days has passed, the PVS’s entire model of a discovered network is completely removed, and the PVS starts over, learning again about the hosts on the network. This value can be set extremely high, such as 365 days, if this behavior is not desired. However, it is very useful to have fresh reports on a weekly or monthly basis. The default value is 30 days.

When this option is enabled, the PVS knowledge base will be saved on disk for recovery after the program is restarted. The KB is stored in /opt/pvs/var/pvs/kb.

The maximum length of time in seconds that a knowledge-base entry remains valid after its addition.

This variable specifies in minutes (default 60) how often the PVS will write a report. The PVS can be configured to write its current model of the network into various file formats including HTML, XML, “.nsr”, and “.nessus”. If the PVS is being managed by a SecurityCenter, SC will retrieve the PVS report every 12 hours by default.

This keyword block specifies a set of “dependency” and “exclude” statements that the PVS uses to analyze sessions containing encrypted traffic. The dependency keywords identify the specific PVS IDs that have been detected on a host before an analysis of a session occurs. The exclude keyword specifies a list of protocol filters (please refer to “Appendix 1”) for which the PVS should avoid performing encryption detection. When an encrypted session is detected, an alert is generated showing source, destination, ports, and session type. The session type may be one of the following:
> internal-interactive-session (4)