Thanks for your help.

On Sat, Jul 26, 2008 at 3:06 AM, George A. Theall <[EMAIL PROTECTED]> wrote:
> On Jul 22, 2008, at 6:25 AM, Chris Henderson wrote:
>
>> I added a user (this user is not a Linux system user) using
>> nessus-adduser(8) - I only want this user to be able to scan the
>> machine he connects from. So I added rules "accept client_ip" and
>> "default deny", ^D. But this is not working. When this user logs on
>> from the Windows client machine he can scan any host or subnet he
>> wants.
>>
>> I have looked on the server -
>> /opt/nessus/var/nessus/users/user_name/auth/rules file - and it has
>> two entries: accept client_ip and default deny.
>
> Have you verified the contents of the rules file in question? Would
> you mind sending me a copy?

Sorry but I don't know how to verify the content of the rules file. I
have just created a user called "test" with default deny and here is
the content of the rules file for that user:

# cat /opt/nessus/var/nessus/users/test/auth/rules
default deny

As usual this user can scan _any_ host. If you let me know about any
other file or how to verify the content, I am more than happy to do
so. Also, in nessusd.conf the admin user's name is there but I don't
see the test user's name. I am assuming it's normal.

> Are you sure you're logging in with the username to which the rules
> are supposed to apply? And to the right server?

I haven't made any mistake there.
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
