TOC & Recently Viewed

Recently Viewed Topics

Fortinet FortiOS Syntax

The syntax for this plugin and an audit are as follows:


description: "Fortigate - SSH login grace time <= 30 seconds"

info: "SSH login grace time <= 30 seconds."

reference: "HIPAA|HIPAA 164.308(a)(5)(ii)(D),SANS-CSC|16,PCI|2.2.3,800-53|AC-2(5)"

solution: "Issue the following command to configure SSH login grace time.


config system global

set admin-ssh-grace-time <time_int>


context: "config system global"

regex: "set[\\s]+admin-ssh-grace-time"

expect: "set[\\s]+admin-ssh-grace-time[\\s]+([1-2][0-9]|30)$"


The description, info, reference, and solution keywords can contain arbitrary text, and their purpose is straight-forward. These keywords allow a user to include metadata related to a check within an .audit file. Note that the description keyword is required, but any of the others are optional.

This audit detects whether a setting is compliant or not based on the regex, expect, and not_expect keywords. As of the release of the Fortigate plugin (January 21, 2014), Tenable will support six variations of these keywords to perform a compliance audit moving forward.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.