Built-In Checks
The checks that could not be covered by the checks described above are required to be written as custom names in NASL. All such checks fall under the “built-in” category. Each check starts with a <item>
tag and ends with </item>
. Enclosed within the tags are lists of one or more keywords that are interpreted by the compliance check parser to perform the checks. The following is a list of available checks.
Note: The system
keyword is not available for the built-in checks and will result in a syntax error if used.
Note: All built-in and custom_item checks support the following optional keywords:
-
info — Allows you to add a more detailed description to the check that is being performed. Multiple info fields are allowed with no preset limit. The info content must be enclosed in double-quotes.
Example: info: "Verifies login authentication configuration."
-
solution — Allows you to add solution text to fix a compliance failure.
Example: solution: "Modify the configuration to add missing line"
-
see_also —Allows you to include links that might provide helpful information about a check.
Example: see_also: "http://www.fireeye.com/support/"
-
reference — Allows you to include cross references for audit checks.
Example: reference: "PCI|2.2.3,SANS-CSC|1"
This section includes the following information:
- Password Management
- Root Access
- Permissions Management
- Password File Management
- Group File Management
- Root Environment
- File Permissions
- Suspicious File Content
- Unnecessary Files
- Docker Containers