Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nessus Compliance Check Enhancements

Nessuslogo_5 Tenable has received many requests to extend the API for the agent-less Nessus compliance checks. In response to our customers, we've added several new functions to the compliance plugins which are immediately available to all Security Center and Direct Feed users. The documentation for these new APIs has been updated here, and this post describes the new APIs available for UNIX and Windows configuration auditing.

For the Windows operating system, Nessus can now perform the following checks:

  • FILE_CHECK - tests for the presence of a specific file
  • REG_CHECK - tests for the presence of a specific registry entry
  • FILE_CONTENT_CHECK - test for the presence of specific content in a given text file
  • FILE_CONTENT_CHECK_NOT - test for the lack of presence of specific content in a given text file

For example, to test for the presence of a given file on Windows systems, consider the following:

<custom_item>
type       : FILE_CHECK
description: "Check the file win.ini exist"
value_type : POLICY_TEXT
value_data : "%SystemRoot%\win.ini"
file_option: MUST_EXIST
</item>

This text would cause Nessus 3 to search for the file win.ini under the %SystemRoot% directory and report a PASS (informational severity) if the file existed or a FAIL (severity reported as a hole) if it didn't exist.

In addition to these checks for Windows systems, the API for UNIX operating systems was extended to perform checks against the MD5 values of specific files. Here is an example setting:

<custom_item>
type       : FILE_CHECK
description: "/etc/passwd has the proper md5"
required   : YES
file       : "/etc/passwd"
md5        : "c1b38ca2f4656d91041b24b3fb762b7a"
</custom_item>

This tests the file /etc/passwd for a specific MD5 value and alerts if it changes.

Tenable will shortly begin to take advantage of these APIs in the next few updates and additions to the current set of compliance audit files available to customers. There were no changes to the existing APIs and none of the current audit files need to be modified or updated.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.