Tools


9. Select OK.

10. Select OK.

11. Select Close.

12. After the vulnerability scan job completes, revert the NetBIOS settings configured in this procedure.

Preparing Unix target hosts

Vulnerability scan modules targeting Unix variant hosts, including Linux and Apple Mac OS X, require the ability to log in to the target host using the secure shell (SSH) protocol. If SSH is not already installed and/or enabled on target hosts running Unix variants, you must install and/or enable it for the duration of the vulnerability scan.

Some vulnerability scan modules, such as those that test file permissions or check installed patch and software versions, require full access to the target host. You must configure the vulnerability scan job with the user name and password of the root account on the target host to perform a full scan using all modules. Alternatively, you can provide the user name and password of an account assigned to the root user group — that is, a user account whose group ID (gid) is zero (0).

The root account on some Unix variants, including Apple Mac OS X, is disabled by default. In this case, you must first enable the root account, or create a new user account and assign it to the same user group as the root account. Steps to enable the root account vary by Unix variant.

If you do not enable and provide the root account, or an account with equivalent permissions, the vulnerability scan report may contain false negatives, false positives, or other inaccuracies. Non-root accounts are restricted to fewer commands, may be jailed, and cannot fully check the system configuration. Without root access, the vulnerability scan can check only part of the known security concerns for the host. For example, a non-root account could view the /etc/passwd file, which contains user names and specifies functions available to the user, but not the /root/.bashrc file, which specifies system-wide functions.

Caution: Configuration changes necessary for a full vulnerability scan can temporarily introduce additional risks. If possible, use a firewall or other method of mitigation, such as FortiClient, to limit which hosts can access the target host during the vulnerability scan, allowing only connections from the FortiAnalyzer, and undo any vulnerability scan configuration changes after the scan.
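The following shell script is an added example, not part of the FortiAnalyzer guide. It lists the accounts in a passwd-format file that meet the root or gid 0 requirement described above, checks whether a given account could be used for a full scan, and reports privileged accounts added since a baseline so they can be removed after the scan. The account name fazscan, the function names, and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the FortiAnalyzer guide): audit which accounts in a
# passwd-format file meet the guide's "root or gid 0" criterion.

# Print "name:uid:gid:shell" for every account with uid 0 or primary gid 0.
list_privileged() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                        # skip comments and blanks
        NF >= 7 && ($3 == "0" || $4 == "0") { print $1 ":" $3 ":" $4 ":" $7 }
    ' "$1"
}

# Succeed if account $2 in passwd file $1 is root-equivalent AND has a login
# shell, i.e. it could actually be used for an SSH-based full scan.
usable_for_full_scan() {
    list_privileged "$1" | awk -F: -v u="$2" '
        $1 == u && $4 !~ /(nologin|false|sync|shutdown|halt)$/ { ok = 1 }
        END { exit !ok }'
}

# Print privileged accounts present in passwd file $2 but not in baseline $1:
# candidates for removal when undoing scan-time changes.
leftover_privileged() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        !(NF >= 7 && ($3 == "0" || $4 == "0")) { next }
        FILENAME == ARGV[1] { base[$1] = 1; next }
        !($1 in base) { print $1 }
    ' "$1" "$2"
}

# Constructed sample data: a baseline taken before the scan, and the state
# after a hypothetical "fazscan" account was added to gid 0 for the scan.
TMP=$(mktemp -d) && trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/passwd.before" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
cp "$TMP/passwd.before" "$TMP/passwd.after"
echo 'fazscan:x:1001:0:scan account:/home/fazscan:/bin/sh' >> "$TMP/passwd.after"

list_privileged "$TMP/passwd.after"
leftover_privileged "$TMP/passwd.before" "$TMP/passwd.after"
```

On a real host, save a copy of /etc/passwd before preparing the scan and pass it as the baseline; any name printed by leftover_privileged afterwards is a scan-time change that still needs to be undone.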

Viewing vulnerability scan modules

The Modules page displays available remote vulnerability scan (RVS) modules. Each module tests for the presence of a specific security vulnerability on the operating system, services/daemons, applications, or other software installed on the target host, as described in the module’s details.

FortiAnalyzer Version 3.0 MR7 Administration Guide

 

05-30007-0082-20080908
