Overview
LanGuard allows exporting and importing scanning profiles and vulnerability definitions using the command-line impex.exe utility. This can be used to set up automated backups of customized configuration or during the LanGuard server migration.
Solution
The Impex tool is a command-line tool that can Import and Export scanning profiles and vulnerability definitions from the GFI LanGuard.
This tool only imports and exports the scanning profiles and vulnerability definitions. No other configuration data is imported or exported when using this tool.
IMPORTANT: It is highly recommended NOT to use the Impex tool if the GFI LanGuard application (LanGuard.exe) or LanGuard scanning profiles (scanprofiles.exe) are running.
On the machine where GFI LanGuard is installed, open a command prompt, and change the directory to the LanGuard installation folder. Run the Impex tool using the parameters and command switches to define the operations to perform. The full syntax to run the command is:
impex [[/H]
| [/?]] | [/XML:xmlfile [/DB:dbfile] [[/EX] [/MERGE]] | [/IM [/ONLYNEWER]] [/PROFILES
| /VULNS | /PORTS | /PROFILE:name | /VULNCAT:cat [/VULN:name] | /PORTTYPE:type
[/PORT:number]] [/SKIP | /OVERWRITE | /RENAME:value]]
Refer to the table below for descriptions:
Switch | Description |
---|---|
/H, /? |
Running without parameters displays this help message. |
/XML:<xmlfile> |
The filename of the exported/imported file name. This parameter is mandatory. |
/DB:<dbfile> |
The database file to be used during the import/export. If this is not specified, the default operationsprofiles.mdb file is used. |
/EX |
Exports data from the database to an XML file (Default Option). |
/MERGE |
When specified and if the target XML file for export already exists, the file is opened, and data is merged; otherwise, the XML file is first deleted. |
/IM |
Imports data from the XML file to the database. |
/ONLYNEWER |
When specified, only vulnerabilities newer than the newest vulnerabilities in the database are imported. |
/PORTS |
Exports/imports all ports. |
/PORT:<number> |
Exports/imports the specified port. /PORTTYPE must be specified. |
/PORTTYPE:<type> |
Exports/imports all ports of the specified type. |
/PROFILES |
Exports/imports all scanning profiles. |
/PROFILE:<name> |
Exports/imports the specified scanning profile. |
/VULNS |
Exports/imports all vulnerabilities. |
/VULN:<name> |
Exports/imports the specified vulnerability. /VULNCAT must be specified. |
/VULNCAT:<category> |
Exports/imports all vulnerabilities of the specified category. |
/SKIP |
If an item already exists in the target XML/database , that item is skipped. |
/OVERWRITE |
If an item already exists in the target XML/database , that is overwritten. |
/RENAME:<value> |
If an item already exists in the target XML/database , that item is renamed to the value specified if /PROFILE or /VULN was specified. Port information is merged if the item is a port or renamed by prefixing its name with the value specified in any other case. |
<xmlfile>
, <dbfile>
, <name>
, <category>
or <value>
contain any space character; the whole value must be placed between double-quotes. Example:
<xmlfile>
containing space ="Vulnerability Checks Definitions.xml"
<xmlfile>
without space =VulnerabilityChecksDefinitions.xml
Usage Examples
impex /XML:"C:\LanGuardSettings.xml"
Successfully exported all profiles, vulnerabilities and ports!
impex /IM /XML:"C:\LanGuardSettings.xml"
Successfully imported all profiles, vulnerabilities and ports!
impex /xml:regcheck.xml /vuln:"Blaster Worm" /vulncat:"Registry Vulnerabilities"
NOTE: It is recommended that if the vulnerability definitions are imported into another installed instance of GFI LanGuard, that installation to have the same build number as the one the database has been exported from.