TOC & Recently Viewed

Recently Viewed Topics

Fortinet FortiOS Syntax

The syntax for this plugin and an audit are as follows:


description: "Fortigate - SSH login grace time <= 30 seconds"

info: "SSH login grace time <= 30 seconds."

reference: "HIPAA|HIPAA 164.308(a)(5)(ii)(D),SANS-CSC|16,PCI|2.2.3,800-53|AC-2(5)"

solution: "Issue the following command to configure SSH login grace time.


config system global

set admin-ssh-grace-time <time_int>


context: "config system global"

regex: "set[\\s]+admin-ssh-grace-time"

expect: "set[\\s]+admin-ssh-grace-time[\\s]+([1-2][0-9]|30)$"


The description, info, reference, and solution keywords can contain arbitrary text, and their purpose is straight-forward. These keywords allow a user to include metadata related to a check within an .audit file. Note that the description keyword is required, but any of the others are optional.

This audit detects whether a setting is compliant or not based on the regex, expect, and not_expect keywords. As of the release of the Fortigate plugin (January 21, 2014), Tenable will support six variations of these keywords to perform a compliance audit moving forward.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.