I'm working on a system like this as we speak. All of the collection and scheduling stuff is simple enough - the main thing that is challenging is formatting reports. Of course you could simply store the html nessus report on the server, but if you wish to customise this somewhat it is trickier.
Has anyone worked on a nice way of storing nessus output to a database to be formatted at a later date? The beauty of exporting the data to a db is that you could also get statistics from all scans and compare scans easily enough. Anyway - the point of the mail is that Hugo is correct. Have the scan run from a queue and email the user when it is complete. This codes itself easily. Marc -----Original Message----- From: Gary Flynn [mailto:[EMAIL PROTECTED]] Sent: Thursday, 10 January 2002 5:55 AM To: Hugo van der Kooij Cc: '[EMAIL PROTECTED]' Subject: Re: Web Interface for Nessus? Hugo van der Kooij wrote: > > I could think of a PHP script that will run the commandline version. Then > return with a page giving you a URL that might be usefull after an hour or > so. (This highly depends on the the time it takes to run a full scan.) or email the requester with the URL when the scan is complete. > IAnyone know of a simple trick to keep a session open for a > long time on a HTTP server with PHP? You could collect the information needed for the command line and create a job in a queue for a scheduler to pick up later. Then you wouldn't have to maintain anything on the web side. The biggest issue is determining authorization for a given user to scan a given IP address. This issue is different for different sites. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe
