Administration Guide

Linux

The custom scans feature allows you to search host computers for very specific information. Custom scans must be created separately for each operating system. Within each operating system, there are different types of scans that can be created. Refer to Add a custom scan below for a list of scan types and general instructions on adding scans. Refer to the instructions for each scan type for field-level information. You can modify or remove the scans at any time. When a custom scan is modified, it affects any existing general scans that use that custom scan.

Add a custom scan

  1. Click Policy > Policy Configuration.
  2. Expand Endpoint Compliance.
  3. Click the Scans option to select it.
  4. At the bottom of the window, click Custom Scans.
  5. Select Add.
  6. Select Linux from the Operating System drop-down list.
  7. Select the type of scan desired. Each scan type has a special set of fields that are specific to that type. Use the table below for settings.

    Scan Type             Description
    File                  Test for the existence of a specific file on the host. See File scan settings.
    Package               Test for the existence of a specific rpm/deb package on the host. See Package scan settings.
    Processes             Test for the existence of a specific process. See Processes scan settings.
    Prohibited-Processes  Test for the existence of a specific prohibited process. See Prohibited processes scan settings.
    Script                Allows users to upload a script to FortiNAC to be executed on the host. See Script settings.

  8. Enter the Name for the custom scan.
  9. Enter the information for the custom scan.
  10. Click OK.

The name of the custom scan will now appear in the Custom Scans section for each Linux scan and can be selected as part of the creation or modification of the general scan parameters.

File scan settings

To create a custom scan for a specific file, enter the information shown in the table below into the custom scan window after selecting the File scan type.

Scan Parameter

Description

Label

This label appears in the Results page information to identify which scan the host failed.

Severity

The severity of the failure if the file is not on the host. If you select Required and the file does not exist, the host fails the custom scan. If you select Warning, the host passes the custom scan and a Policy Warning event is generated. This event can be mapped to an alarm and set to notify the Administrator. See Severity level for more details.

File Name

The name of the file being checked for on the host.

Starting Path

The search for the file starts with the directory indicated here and includes all sub-directories and files.

Important: Use the forward slash (/) to delimit directory names. Do NOT use a colon (:).

Web Address

The URL of the page with information regarding this file. If entered, this link appears on the Results page. This is a user-created web page. It must be stored in:

/bsc/Registration/registration/site

When completing this field you must enter part of the path for the page, not just the page name, such as:

site/pagename.jsp

Prohibit this product

If the file is found and this is set to true, the host fails the scan for a prohibited product.

Default = false.

Package scan settings

To create a custom scan for a specific rpm or deb package, enter the information shown in the table below into the custom scan window after selecting the Package scan type.

Use this custom scan to check whether particular updates or patches have been applied to the host.

Scan Parameter

Description

Label

This label appears in the Results page information to identify which scan the host failed.

Severity

The severity of the failure if the package is not on the host. If you select Required and the package does not exist, the host fails the custom scan. If you select Warning, the host passes the custom scan and a Policy Warning event is generated. This event can be mapped to an alarm and set to notify the Administrator. See Severity level for more details.

Package Name

The name of the rpm or deb package being searched for on the host. The custom scan runs rpm or dpkg commands to search for installed packages.

Version

The minimum version of the package that satisfies the scan. The check is inclusive: a host with exactly this version passes, and only older versions fail.

Web Address

The URL of the page with information regarding this rpm or deb package. If entered, this link appears on the Results page. This is a user-created web page. It must be stored in:

/bsc/Registration/registration/site

When completing this field you must enter part of the path for the page, not just the page name, such as:

site/pagename.jsp
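The Package scan's logic, written out as an added example (not FortiNAC's own code): it queries dpkg-query or rpm for the installed version, exactly as the page says the scan does, and applies an inclusive minimum-version test. It assumes versions compare numerically per dot-separated component, that a Debian epoch ("1:") is dropped, and that a release suffix such as "-3" is ignored; the package name and version in the final line are constructed values.

```shell
#!/bin/sh
# Added example, not FortiNAC's own code: reproduces the Package scan's test
# for one rpm/deb package against an inclusive minimum version.
# Assumptions: numeric per-component comparison, epoch "1:" dropped,
# release suffix "-3" ignored.

# installed_version PKG: print the installed version via dpkg-query or rpm;
# exit 1 if the package (or both tools) is absent.
installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' "$1" 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        # rpm -q prints "not installed" on stdout, so check its status first
        rpm -q "$1" >/dev/null 2>&1 && rpm -q --qf '%{VERSION}\n' "$1"
    else
        return 1
    fi
}

# version_ge A B: exit 0 when version A >= B. Missing components count as 0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac=${a%%.*}; if [ "$ac" = "$a" ]; then a=; else a=${a#*.}; fi
        bc=${b%%.*}; if [ "$bc" = "$b" ]; then b=; else b=${b#*.}; fi
        ac=$(printf '%s' "$ac" | sed 's/[^0-9].*//'); ac=${ac:-0}
        bc=$(printf '%s' "$bc" | sed 's/[^0-9].*//'); bc=${bc:-0}
        [ "$ac" -gt "$bc" ] && return 0
        [ "$ac" -lt "$bc" ] && return 1
    done
    return 0
}

# package_check PKG MINVER: 0 = installed at MINVER or newer (the scan's
# pass), 1 = installed but older, 2 = not installed.
package_check() {
    v=$(installed_version "$1") || v=
    [ -z "$v" ] && return 2
    v=${v#*:}                      # drop a Debian epoch such as "1:"
    version_ge "$v" "$2" && return 0
    return 1
}

# Constructed example: a Required package scan for openssl at least 3.0.2.
rc=0; package_check openssl 3.0.2 || rc=$?
echo "openssl >= 3.0.2: rc=$rc (0 pass, 1 too old, 2 not installed)"
```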

Processes scan settings

To create a custom scan for a specific process, enter the information shown in the table below into the custom scan window after selecting the Processes scan type.

Scan Parameter

Description

Label

This label appears in the Results page information to identify which scan the host failed.

Web Address

The URL of the page with information regarding this process. If entered, this link appears on the Results page. This is a user-created web page. It must be stored in:

/bsc/Registration/registration/site

When completing this field you must enter part of the path for the page, not just the page name, such as:

site/pagename.jsp

Severity

The severity of the failure if the process is not running on the host. If you select Required and the process does not exist, the host fails the custom scan. If you select Warning, the host passes the custom scan and a Policy Warning event is generated. This event can be mapped to an alarm and set to notify the Administrator. See Severity level for more details.

Process Name

The name of the process being scanned for on the host. This name is seen when you use ps at the command line.

Prohibited processes scan settings

To create a custom scan for a specific prohibited process, enter the information shown in the table below into the custom scan window after selecting the Prohibited Processes scan type.

Scan Parameter

Description

Label

This label appears in the Results page information to identify which scan the host failed.

Web Address

The URL of the page with information regarding this prohibited process. If entered, this link appears on the Results page. This is a user-created web page. It must be stored in:

/bsc/Registration/registration/site

When completing this field you must enter part of the path for the page, not just the page name, such as:

site/pagename.jsp

Severity

The severity of the failure if the prohibited process is running on the host. If you select Required and the prohibited process does exist, the host fails the custom scan. If you select Warning, the host passes the custom scan and a Policy Warning event is generated. This event can be mapped to an alarm and set to notify the Administrator. See Severity level for more details.

Process Name

The name of the prohibited process being scanned for on the host, as shown by ps at the command line.

Script settings

To create a custom scan for a specific script, enter the information shown in the table below into the custom scan window after selecting the Script scan type.

Scan Parameter

Description

Label

This label appears in the Results page information to identify which scan the host failed.

Upload Script

Users can select a script to upload to FortiNAC. The name of the uploaded script appears in the text field.

Return Value

The value that the script must return after the agent executes the script.

Web Address

The URL of the page with information regarding this script. If entered, this link appears on the Results page. This is a user-created web page. It must be stored in:

/bsc/Registration/registration/site

When completing this field you must enter part of the path for the page, not just the page name, such as:

site/pagename.jsp
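An added example of the kind of script the Script scan type runs (not FortiNAC's own code), serving the Processes, Prohibited processes and Script sections above: it matches process names as ps reports them and exits with a code to enter in Return Value (0 for a compliant host). The REQUIRED and PROHIBITED lists and the file name proc_check.sh are constructed placeholders.

```shell
#!/bin/sh
# Added example, not FortiNAC's own code: a script for the Script scan type
# that applies the Processes and Prohibited-Processes tests and exits with
# a code to enter in Return Value (0 = compliant).
# Assumptions: the REQUIRED/PROHIBITED lists and the deployed file name
# proc_check.sh are placeholders to adapt.

REQUIRED="sshd auditd"      # processes that must be running
PROHIBITED="telnetd"        # processes that must not be running

# running_names: one command name per line for every live process.
running_names() { ps -eo comm= 2>/dev/null | sort -u; }

# has_process NAME LIST: 0 when NAME is a whole line of LIST (fixed string,
# so "ssh" does not match "sshd").
has_process() { printf '%s\n' "$2" | grep -qxF -- "$1"; }

# check_processes LIST: 0 = compliant, 1 = a required process is missing,
# 2 = a prohibited process is running, 3 = both. Findings go to stdout.
check_processes() {
    list=$1; rc=0
    for p in $REQUIRED; do
        has_process "$p" "$list" || { echo "missing required process: $p"; rc=$((rc | 1)); }
    done
    for p in $PROHIBITED; do
        has_process "$p" "$list" && { echo "prohibited process running: $p"; rc=$((rc | 2)); }
    done
    return "$rc"
}

# When run under its deployed name, evaluate the live host and exit with the
# result (the value the scan's Return Value field is compared against).
case "${0##*/}" in
    proc_check.sh) check_processes "$(running_names)"; exit $? ;;
esac
```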
