Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0 User Guide Page 58

00008  Outbound Encrypted Session
    The PVS has detected one or more encrypted network sessions originating from within your focus network and destined for one or more addresses on the Internet.
00009  Inbound Encrypted Session
    The PVS has detected one or more encrypted network sessions originating from one or more addresses on the Internet to this address within your focus network.
00012  Host TTL Discovered
    The PVS logs the number of hops away each host is located.
00015  Internal Server Trusted Connections
    The PVS has logged a unique network session of source IP, destination IP, and destination port.
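The direction logic behind events 00008, 00009 and 00015 can be reproduced offline when triaging these alerts. The sketch below is an added example, not PVS code: the flow record layout, the "encrypted" flag, the function name classify_flows and the reading of "internal" as both endpoints inside the focus network are assumptions, and the sample flows are constructed.

```python
import ipaddress

# Event IDs as listed in the table above.
OUTBOUND_ENCRYPTED = "00008"
INBOUND_ENCRYPTED = "00009"
TRUSTED_CONNECTION = "00015"


def classify_flows(flows, focus_cidrs):
    """Return (event_id, src, dst, dport) tuples for a list of flow records.

    Each flow is a dict with src, dst, dport and an 'encrypted' flag.
    The flag is an assumption: how PVS decides that a session is
    encrypted is not described on this page.
    """
    focus = [ipaddress.ip_network(c) for c in focus_cidrs]

    def in_focus(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in focus)

    events = []
    seen = set()  # (src, dst, dport) tuples already reported as 00015
    for f in flows:
        src_in, dst_in = in_focus(f["src"]), in_focus(f["dst"])
        key = (f["src"], f["dst"], f["dport"])
        if f["encrypted"] and src_in and not dst_in:
            events.append((OUTBOUND_ENCRYPTED,) + key)
        elif f["encrypted"] and dst_in and not src_in:
            events.append((INBOUND_ENCRYPTED,) + key)
        # Assumption: "internal" means both endpoints are in the focus network.
        if src_in and dst_in and key not in seen:
            seen.add(key)
            events.append((TRUSTED_CONNECTION,) + key)
    return events


# Constructed sample flows using documentation address ranges.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "203.0.113.5", "dport": 443, "encrypted": True},
    {"src": "203.0.113.9", "dst": "192.0.2.20", "dport": 22, "encrypted": True},
    {"src": "192.0.2.10", "dst": "192.0.2.20", "dport": 445, "encrypted": False},
    {"src": "192.0.2.10", "dst": "192.0.2.20", "dport": 445, "encrypted": False},
    {"src": "192.0.2.10", "dst": "203.0.113.5", "dport": 80, "encrypted": False},
]

if __name__ == "__main__":
    for event in classify_flows(SAMPLE_FLOWS, ["192.0.2.0/24"]):
        print(*event)
```

The repeated internal session is reported once, which is why 00015 is useful as a baseline of which internal hosts talk to which services.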
Working with Passive Vulnerability Scanner Plugins
Vulnerability and Passive Fingerprint Overview
The PVS has two sources of “plugin” information: the .prmx and .prm plugin libraries in the plugins directory.
Tenable distributes its passive vulnerability plugin database in an encrypted format. This file is known as
tenable_plugins.prmx and can be updated on a daily basis, if necessary. PVS plugins that are written by the
customer or third parties have the extension of .prm.
Tenable has also implemented passive fingerprinting technology based on the open-source SinFP tool. With permission
from the author, Tenable has also included the database of passive operating system fingerprints for the fingerprinting
technology in this distribution of the PVS.
Downloading New Vulnerability Plugins
When PVS is registered as a stand-alone scanner using an Activation Code, plugins are updated automatically every 24
hours after the service is started. To manually update the PVS plugins from the web interface, navigate to the Feed
Settings tab on the Configuration page. Next, click the “Update Plugins” button next to the Activation Code box. The
plugins may also be updated from the command line using the command “pvs --update-plugins”. If SecurityCenter is
being used to manage a PVS, new plugins for the PVS will automatically be sent at scheduled intervals and the PVS
Proxy will restart the PVS as needed.
Writing Custom Plugin Libraries
PVS customers can write their own passive plugin libraries. These plugins are added into the plugins directory in the
PVS’s installation directory. The plugin library must end with a .prm extension for the PVS to see it. The next section
details how to write PVS plugins.
Restarting the Passive Vulnerability Scanner
Once new passive plugins are available to the PVS, it must be stopped and started to recognize the newly available plugins.
Writing Passive Vulnerability Scanner Plugins
Plugin Keywords
There are several keywords available for writing passive vulnerability plugins for PVS. Some of these keywords are
mandatory and some are optional. The mandatory keywords are highlighted in blue.
Name
    Description
bid
    Tenable assigns SecurityFocus Bugtraq IDs (BID) to PVS plugins. This allows a user reading a report generated by the PVS to link to more information available at http://www.securityfocus.com/bid. Multiple Bugtraq entries can be entered on one line separated by commas.
bmatch
    This is the same as “match” but can look for any type of data. A bmatch must always