The server I maintain Nesssus on is used by our security staff to run
regular, and on-request scans against client's external interface to the
net. While it all works well, it's time-consuming to keep fully
uptodate, and to run properly because I'm doing too many thing manually:
(1) - "nessus-update-plugins" - This I *do* have kicking off via a cron
job each night. Not too bad, but I'd like it to produce output on what
plugins have *changed* - as far as I can tell this isn't possible.
(2) - CVS updates - What I'd like to do is to regularly (and
automatically via cron) pull down and recompile the 'current stable'
version via CVS. I'm new to CVS, so it's not clear to me that this
script ("...export
CVSROOT=":pserver:[EMAIL PROTECTED]:/usr/local/cvs" ; cvs login
;cvs -z3 update nessus-libraries...") is getting the right 'branch' and
will automatically pull down the latest stable release - and continue to
do so as new releases come out. (Yes, I'm going to get to RTFM RSN...)
(3) - Preferences and 'rc' handling at a Windows (WX) client. I'd like
to spend some time crafting a couple of good settings/preferences (eg a
NormalQuick, HammerIt and a LowSlow&Sneaky), and make it easy for our
security staff to run the one the appropriate one - but there's not much
support for this - what do others do?
(4) - Regular automated scan from the command-line. This is something
I'm starting to build now, but it suprises me that I've not seen sample
scripts anywhere - I'm acutely aware that I'm hacking away to produce
something which others have already done before, and probably better.
Thoughts?
- steve
=========================================================
http://www.commarc.co.nz
(This e-mail has been scanned by MailMarshal)
