Built-In Checks

The checks that could not be covered by the checks described above are required to be written as custom names in NASL. All such checks fall under the “built-in” category. Each check starts with a <item> tag and ends with </item>. Enclosed within the tags are lists of one or more keywords that are interpreted by the compliance check parser to perform the checks. The following is a list of available checks.

Note: The system keyword is not available for the built-in checks and will result in a syntax error if used.

Note: All built-in and custom_item checks support the following optional keywords:

  • info — Allows you to add a more detailed description to the check that is being performed. Multiple info fields are allowed with no preset limit. The info content must be enclosed in double-quotes.

    Example: info: "Verifies login authentication configuration."

  • solution — Allows you to add solution text to fix a compliance failure.

    Example: solution: "Modify the configuration to add missing line"

  • see_also —Allows you to include links that might provide helpful information about a check.

    Example: see_also: "http://www.fireeye.com/support/"

  • reference — Allows you to include cross references for audit checks.

    Example: reference: "PCI|2.2.3,SANS-CSC|1"

This section includes the following information: