Ron Gula wrote: > Tucker, Brock - St. Louis, MO wrote: >> Let's say that I have a dozen or so scanners that are all set to receive >> daily updates. These updates change the default scanning policy to use >> all of the plug-ins, correct? > > Yes, but your Nessus client is still in the driver seat. If your client > is specifying what to scan, a plugin not in that list won't be used.
I answered that last email to quickly with the **wrong** answer. For long-running scans, it's a non-issue -- the Nessus server spawns a child to handle each client connection and that learns about available plugins from the parent only when the child starts. So as long as the client stays connected, the corresponding server child process won't learn of new plugin updates. Otherwise, it's as George Theall has commented before. Nessus will automatically enable non-dangerous plugins it knows about but the client doesn't explicitly disable. Renaud has suggested that we encourage people to use a few clicks of NessusClient to update configuration files after the plugin updates occur, although George's update-nessusrc script may lend itself better for unattended scripted operation. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
