hi Rich, The model puts a lot of control into the NessusClient and there is not a lot of options to limit certain preferences at the client that can't be overwritten by the NesussClient.
You could allow the various Sysadmins to use their own scanners and send you their Nessus reports. The Security Center has all sort of roll based and policy based tools so you can restrict certain users to only be able to perform certain types of scans. This is not something we were planning on enforcing at the Nessus scanner daemon itself, aside from limiting what certain Nessus users could actual scan for targets. Ron Gula Tenable Network Security Rich Whitcroft wrote: > My question relates to nessus' client/server model, and more > specifically, its config files. > > We have a Linux server running the nessus daemon and I'm connecting to > it with a Windows client. What I'm not grasping is how the admin of the > nessus server sets restrictions on what the client can and can't do when > requesting a scan. My apologies if the answer is clearly documented; > I've been unable to find it. > > An example of this is the "Log details of the scan on the server" > checkbox in the Options tab of the nessus client. Due to the volume of > scans we'll be doing, as well as the log verbosity, I don't want to log > every launched/not-launched nasl for every target host -- the log gets > ridiculously large very quickly. > > What I'd like to see happen is that we offer the nessus client to > departmental sysadmins who can manage their own scans, though we > (central IT) will manage the nessus server itself. The problem I see > here is that I don't want nessus client users (sysadmins) to be able to > check the "Log details of the scan on the server" (for example) and fill > up my logs. > > So, where can the nessus server admin set these restrictions that will > override settings specified by the client? > > Thanks for reading, > -rw > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
