Product manual

ManualsBrandsGFI ManualsSoftwareLanGuard, Add, 25-49IP, 1Y, ENG

231

232

233

234

235

236

237

238

239

240

GFI LanGuard 14 Script Debugger | 238

Keyword Description

TRUE: / FALSE These strings indicate the result of the executed vulnerability check/script. When the SSH module

detects a TRUE: it means that the check was successful; FALSE: indicates that the vulnerability check

has failed.

AddListItem This string triggers an internal function that adds results to the vulnerability check report (i.e. scan

results). These results are shown in the GFI LanGuard management console after completion of a scan.

This string is formatted as follows:

AddListItem([[[[parent node]]]],[[[[actual string]]]])

[[[[parent

node]]]]

Includes the name of the scan results node to which the result will be added.

[[[[actual

string]]]]

Includes the value that will be added to the scan results node.

Note

Each vulnerability check is bound to an associated scan result node. This means that

‘AddListItem’ results are by default included under an associated/default vulnerability node. In

this way, if the parent node parameter is left empty, the function will add the specified string to

the default node.

SetDescription This string triggers an internal function that will overwrite the default description of a vulnerability

check with a new description. This string is formatted as follows: SetDescription([New description])

!!SCRIPT_FIN-

ISHED!!

This string marks the end of every script execution. The SSH module will keep looking for this string

until it is found or until a timeout occurs. If a timeout occurs before the ‘!!SCRIPT_FINISHED!!’ string is

generated, the SSH module will classify the respective vulnerability check as failed.

Note

It is imperative that every custom script outputs the ‘!!SCRIPT_FINISHED!!’ string at the very end

of its checking process.

Table 89: Vulnerability keywords

14.3.2 Adding a vulnerability check that uses a custom shell script

In the following example a vulnerability check is created (for Linux based targets) which uses a script

written in Bash. The vulnerability check in this example will test for the presence of a dummy file

called ‘test.file’

Step 1: Create the script

1. Launch your favorite text file editor.

2. Create a new script using the following code:

#!/bin/bash

if [ –e test.file ]

then

echo "TRUE:"

else

echo "FALSE:"

echo "!!SCRIPT_FINISHED!!"

3. Save the file in <GFI LanGuard 2011 installation folder path>

..\Data\Scripts\myscript.sh