Vulnerability Details

Options for Local Security Checks

Published: 2010-02-26 11:01:21

CVSS Base Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:N

Summary:
This script allows users to set some options for Local Security Checks, which are stored in the knowledge base and used by other tests. Description of the options:

- Also use 'find' command to search for Applications: Setting this option to 'no' disables the use of the 'find' command via SSH against Unix-like targets. This reduces scan time but might reduce detection coverage of, e.g., locally installed applications.
- Descend directories on other filesystem (don't add -xdev to find): During the scan, 'find' is used to detect, e.g., locally installed applications via SSH on Unix-like targets. By default, this command descends into special (network) filesystems such as NFS, SMB or similar that are mounted on the target host. Setting this option to 'no' might reduce the scan time if network-based filesystems are not searched for installed applications.
- Enable Detection of Portable Apps on Windows: Setting this option to 'yes' enables the detection of portable apps on Windows via WMI. Enabling this option might increase scan time as well as the load on the target host.
- Disable the usage of win_cmd_exec for remote commands on Windows: Some AV solutions might block remote commands called on the remote host via the scanner-internal 'win_cmd_exec' function. Setting this option to 'yes' disables the usage of this function (as a workaround for issues during the scan) with the risk of lower scan coverage against Windows targets.
- Disable file search via WMI on Windows: Various VTs use WMI to search for files on Windows targets. Depending on the attached storage and its size, this routine might put high load on the target and could slow down the scan. Setting this option to 'yes' disables the usage of this search with the risk of lower scan coverage against Windows targets.
- Report vulnerabilities of inactive Linux Kernel(s) separately: All current Linux distribution package manager based Local Security Checks report the same severity for active and inactive Linux kernel(s). If this setting is enabled, the reporting for inactive Linux kernel(s) is done separately in the VT 'Report Vulnerabilities in inactive Linux Kernel(s)' (OID: 1.3.6.1.4.1.25623.1.0.108545). Please note that this functionality is currently only available for Debian (and derivatives using apt-get) and RPM-based distributions and needs to be considered 'experimental'.

Detection Type:
general_note

Severity: Detection Plugin
CVSS Score: 0.0
Published: 2010-02-26
Modified: 2019-03-07
Category: Settings

Free Vulnerability Scanning, Assessment and Management

Mageni's Platform is packed with all the features you need to scan, assess and manage vulnerabilities like this - it is free, open source, lightning fast, reliable and scalable.

Frequently Asked Questions

No, you can scan as many assets concurrently as you want. Please note that you must be aware of the hardware requirements of the platform to ensure good performance.

No, you can add as many assets as you want. It doesn't matter if you have millions of assets, we won't charge you for that.

No. The software is completely free. We have no intention to charge you to use the software; in fact, it completely goes against our beliefs and business model.

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005).

We generate revenue by providing support and other services for customers that require a subscription so they get guaranteed support and enterprise services. To use Mageni's Platform is completely free, with no limits at all.

Yes. Mageni understands that there are professionals and businesses that need commercial support so Mageni provides an active support subscription with everything needed to run Mageni's Platform reliably and securely. More than software, it's access to security experts, knowledge resources, security updates, and support tools you can't get anywhere else. The subscription includes:

  • Ongoing delivery
    • Patches
    • Bug fixes
    • Updates
    • Upgrades
  • Technical support
    • 24/7 availability
    • Unlimited Incidents
    • Specialty-based routing
    • Multi-Channel
  • Commitments
    • Software certifications
    • Software assurance
    • SLA

No, we don't store the information of your vulnerabilities in our servers.

Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management of an organization. The term vulnerability management is often confused with vulnerability scanning. Despite the fact both are related, there is an important difference between the two. Vulnerability scanning consists of using a computer program to identify vulnerabilities in networks, computer infrastructure or applications. Vulnerability management is the process surrounding vulnerability scanning, also taking into account other aspects such as risk acceptance, remediation etc. Source: "Implementing a Vulnerability Management Process". SANS Institute.
