On Sat, Jun 07, 2003 at 11:24:11AM +0100, James Blackburn wrote:
> I'm using nessus 2.0.5 on debian linux, and would like to be able to do
> the following.
>
> I'd like to be able to monitor a group of windows 2000 server
> periodically - every 5 mins - scanning them to determine if there are
> any admins logged in. It would also be good to get the current
> server/domain users in the administrator group and report any changes
> to this via e-mail.
As others pointed out, Nessus is not the best tool to do this job,
but it can do it anyway.
To do so, you'd need to modify smb_group_admin.nasl and
smb_group_domain_admin.nasl to store the name(s) of the administrators
in the domain in the KB. Then you'd need to write a new plugin based on
netbios_name_get.nasl.
netbios_name_get.nasl actually prints out the name of the currently
logged user on the remote host. You'd need to modify it to see if the
name of the user logged in is present in the KB item you created which
contains the list of admins.
Then you'd simply need to write a cronjob which launches nessus every
five minutes and send you the output of the report by email if there's
any change.
-- Renaud
