Hello all, The Linux Professional Institute (lpi.org) is in the process of putting together a proposed certification track known as Level3-Security. Although not formally adopted, they are soliciting job tasks for this certification.
Today at lunch, I took the time to start up a grouping of tasks pertaining to Nessus. I was hoping someone could take a look at the tasks I entered and criticize them, modify them, or add to them. Nothing is written in stone here, and my shortcomings as a task creator will be augmented by others working on the project. Thanks, Mark Lachniet ---------------------snip------------------ Tasks The following Tasks have been defined. 1. Identify package dependencies and download/install 2. Install Nessus via "tarball" 3. Export library path for Nessus and run ldconfig 4. Install Nessus via unsafe Internet script 5. Add Nessus users 6. Configure Nessus user restrictions 7. Manually configure nessusrc files 8. Run Nessus jobs via. the command line interface 9. Use KB Saving features of Nessus 10. Use the detatched scan feature of Nessus 11. Run Nessus jobs via. the GUI X-Windows interfact 12. Install and configure NessusWX for Win32 users 13. Determine if Nessus is running via. netstat and ps 14. Run individual .nasl files from the command line 15. Understand portscan options in nessus (range, speed, etc.) 16. Configure Nessus jobs without the 'ping' command for "stealth" hosts 17. Troubleshoot Nessus encryption key issues 18. Use certificate based authentication 19. Update NASL library with nessus-update-plugins 20. Configure the 'check_reads_timeout' parameter for slow hosts 21. Identify false positives through analysis of nasl script and manual testing 22. Perform differential scans using Nessus 23. Configure Nessus NIDS evasion features 24. Configure target IPs and netmasks with the GUI interface 25. Configure target IPs and netmasks in a text file 26. Understand and configure Nessus "safe checks" 27. Configure Nessus plugins to run (All, Non-DoS, user specified) 28. Understand how to use client certificates with a Nessus scan 29. Configure usernames and passwords for various services 30. Configure SMTP parameters (from, to, third party domain) 31. Understand file locations of Nessus components 32. Analyze the nessusd.messages file for scanning history 33. Understand Nessus scan file formats (NSR, NBE, etc.) 34. Understand Nessus report formats and options 35. Export Nessus scan information into a MySQL database 36. Find and use the Nessus list serve for tech support and q/a _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
