Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

File Integrity Auditing with Nessus

Tenable has added a compliance check for Windows which allows users to compare file hashes using a .audit script (Windows compliance checks v2.0.32 or later). By default, MD5 is used to compare two versions of a file, however, users can compare hashes generated with SHA1, SHA256, SHA384, SHA512, or RIPEMD160 algorithms.

Microsoft PowerShell must be installed and WMI must be enabled on the target for these checks to work. If the Windows firewall is enabled, be certain it's configured to allow inbound remote administration (Windows Firewall: Allow inbound remote administration exception).

Below are some examples:

&ltcustom_item&gt
type           : AUDIT_FILEHASH_POWERSHELL
description    : "Audit FILEHASH - MD5"
value_type     : POLICY_TEXT
file           : "C:\test\test2.zip"
value_data     : "8E653F7040AC4EA8E315E838CEA83A04"
&lt/custom_item&gt
&ltcustom_item&gt
type           : AUDIT_FILEHASH_POWERSHELL
description    : "Audit FILEHASH - SHA1"
value_type     : POLICY_TEXT
file           : "C:\test\test2.zip"
value_data     : "0C4B0AF91F62ECCED3B16D35DE50F66746D6F48F ||  "QB4B0AF91F62ECCED3B16D735DE50F66746D6F451"
hash_algorithm : SHA1
&lt/custom_item&gt

For more information, and to download more examples of this feature, please visit the Tenable Support Portal.