On Oct 4, 2007, at 9:30 PM, Burslan, Mel wrote:
> I am sorry but I could not figure out how to, One: specify
> a .nessusrc file on the command line: Two: and more importantly,
> how to tell which plug-in does what so that I can take out the
> bogus username scanning plug-in.
>
> And you are absolutely right. In my unix environment, 5 invalid
> logins and you are locked out, as well as any 5 break-in attempts
> and the sysadmin gets a "suspicious activity" titled trouble
> ticket, both of which I am trying to avoid/prevent.
I'd recommand you download NessusClient beta5, create a policy which
disables the entire "Default Unix Accounts" family, and export it as
a nessusrc file. Then you can perform your scan in command line by
specifying your config file with the -c switch (nessus -c yourpolicy -
q localhost 1241 ....)
-- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
