Nessus Compliance Check Enhancements
Tenable has received many requests to extend the API for the agent-less Nessus compliance checks. In response to our customers, we've added several new functions to the compliance plugins which are immediately available to all Security Center and Direct Feed users. The documentation for these new APIs has been updated here, and this post describes the new APIs available for UNIX and Windows configuration auditing.
For the Windows operating system, Nessus can now perform the following checks:
- FILE_CHECK - tests for the presence of a specific file
- REG_CHECK - tests for the presence of a specific registry entry
- FILE_CONTENT_CHECK - test for the presence of specific content in a given text file
- FILE_CONTENT_CHECK_NOT - test for the lack of presence of specific content in a given text file
For example, to test for the presence of a given file on Windows systems, consider the following:
type : FILE_CHECK
description: "Check the file win.ini exist"
value_type : POLICY_TEXT
value_data : "%SystemRoot%\win.ini"
This text would cause Nessus 3 to search for the file win.ini under the %SystemRoot% directory and report a PASS (informational severity) if the file existed or a FAIL (severity reported as a hole) if it didn't exist.
In addition to these checks for Windows systems, the API for UNIX operating systems was extended to perform checks against the MD5 values of specific files. Here is an example setting:
type : FILE_CHECK
description: "/etc/passwd has the proper md5"
required : YES
file : "/etc/passwd"
md5 : "c1b38ca2f4656d91041b24b3fb762b7a"
This tests the file /etc/passwd for a specific MD5 value and alerts if it changes.
Tenable will shortly begin to take advantage of these APIs in the next few updates and additions to the current set of compliance audit files available to customers. There were no changes to the existing APIs and none of the current audit files need to be modified or updated.