Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Creating "Gold Build" Audit Policies


Security Center users and the Direct Feed subscribers have the ability to audit the host-based configuration of their UNIX and Windows servers. Tenable has produced several audit polices based on our own research, public guidance from CERT, NSA, NIST and the Center for Internet Security. For the Windows operating system, Tenable has also produced the Windows Nessus Policy Creator (WNPC). This entry will discuss the purpose and usage of the tool.

Many of Tenable's customers have told us that their provisioning, network management or change control processes require that "like" servers be configured the same way. For example, an organization might run twelve Exchange servers and twenty MS SQL servers. It is good IT practice to configure these systems the same way. If this is a new concept to you, we're talking about configuring similar settings, such as lock out policies, how often passwords should be changed, what sort of software has been installed and so on. If your organization is audited for any reason, it may fall upon you to show that your systems are configured in a manner that is consistent with your own policies.

The WNPC tool is designed to be operated on one "gold" system and then to extract the configuration of that system to produce an audit file for Nessus Direct Feed users. The tool is available as a Windows executable. When it is run, there is a very simple interface which allows for cut n' pasting of the text policy values or for saving to a specific Nessus 3 ".audit" file.

Below is an example screen shot of the Windows Nessus Policy Creator in action:


Any of the .audit files can then be used with Nessus 3 for scanning hosts to see if they are compliant. By "compliant" we mean that a host is configured as expected as compared to this "gold" system. The WNPC tool collects several thousand audit points for access control settings in the registry and file system. It also audits all security policy settings such as password complexity, event logging and lock out policies.

There are many use cases for this technology:

  • Security Center users can create per-asset configuration policies and then scan those particular assets for those particular configuration settings.
  • Consultants using Nessus 3 and the Direct Feed can quickly create policies for a customer and then scan their other assets for deviations from that policy.
  • Policies can be created from "factory" default settings as a baseline, and then an audit of systems in the field can be conducted to detect what has been changed.
  • IT Organizations can work with the Windows operating system directly to "harden it" to their liking and then use the WNPC to create the audit policy automatically.

For more information, to read the compliance check documentation and to obtain the Windows Nessus Policy Create tool, please visit the Nessus 3 Agent-less Compliance Checks page.

Subscribe to the Tenable Blog

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.