Although we don't have the same needs the approach I would take, given how I have setup nessus here, is to store configurations in a database and then create the configurations on the fly based on the host being scanned.
What we do here is keep the "hot list" plugins in a table in a database which we then have a web interface for maintaining. A wrapper handles creating the nessus configuration file and another wrapper handles the queues for specifically scheduled scans. Tim Doty -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Haarsma Sent: Tuesday, November 20, 2007 10:28 PM To: [email protected] Subject: Nice way to use .nessus files on linux command line? Hello, I would like some assistance with a 'nice way' to setup automated scanning. I have RTFM and found it not overly useful (or i missed the pertinent bits), and browsed through the last 4 months of mail archives. I have Nessus 3.0.6 setup on a (Vmware) SLES server, with some Windows Clients and also Linux Clients connecting to it and performing scans (manually) and it works great. One of the windows clients has setup the plug-in policies (30 different groupings) and also all the network segments (100+) and has exported them to .nessus files. How can I then make use of these files to automate the scanning from Linux? (I can just run them from the GUI Client and its fine, but I want it automated as well) Is there anyway to have a target file exported from the Windows Client, _and_ a separate plug-in policy file? What I would like to do, is scan one network with some plug-ins at (x)Hours then another network with the same plug-ins at (y)Hours, and so on and so on. But I would also then like to go to specific defined hosts and use different plug-ins with different plug-in credentials, again scheduled. I understand I can do scans from the command line, but my use of them doesn't show me a way to do what I want. Then from the command line you can combine any combination of target and policy file? If not, is there any other suggested methods of achieving the same thing? Once I have that I will just put each command into cron have it output to a specific file and be read by our security admins and our SIEM. Thanks. Michael _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
