TOC & Recently Viewed

Recently Viewed Topics

CMD_EXEC

It is possible to execute commands on the remote host and to check that the output matches what is expected. This kind of check should be used with extreme caution, as it is not always portable across different flavors of Unix.

The quiet keyword tells Nessus not to show the output of the command that failed. It can be set to “YES” or “NO”. By default, it is set to “NO” and the result of the command is displayed. Similarly, the “dont_echo_cmd” keyword limits the results by outputting the command results, but not the command itself.

The nosudo keyword lets the user tell Nessus not to use sudo to execute the command by setting it to “YES”. By default, it is set to “NO” and sudo is always used when configured to do so.

Example

<custom_item>

type: CMD_EXEC

description: "Make sure that we are running FreeBSD 4.9 or higher"

cmd: "uname –a"

timeout: 7200

expect: "FreeBSD (4\.(9|[1-9][0-9])|[5-9]\.)"

dont_echo_cmd: YES

</custom_item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.