Hello All, Recently, I developed a web-based interface for the scan results exported from NessusWX called NRI. It can be downloaded from http://students.db.erau.edu/~nessus It is released under the GPL license.
Here is an overview of it. It was developed on a RedHat 8.0 machine running Apache 1.3.27 and MySQL 3.23.53a with multiple layers of security. The reason for development was to centrally distribute results for review, archive the data with comments when corrected, and hold the admin accountable by capturing the IP and username of the user that archived the record. These archived records are moved to a separate table. A false positive option is also there. The results not addressed are moved to another table right before new results are imported. A comparison can then be made between the new results and the archived data. Another comparison can be made between the results not addressed and the new results. I also included a script that will allow those who have access to the interface to see the open conduits on a PIX firewall. This is also web-based. It is important to remember that this is a work in progress and I STRONGLY recommend multiple layers of security on the box where NRI is installed. I welcome any comments or questions about NRI after you read the website. I will add info to this site as needed. ************************************ Jody Steadman Unix\Security Administrator Embry-Riddle Aeronautical University (386)226-6418 [EMAIL PROTECTED] ************************************ - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
