网络安全扫描工具Nessus_网管之家
number of simultaneous tests :max_threads = 8# Log file (or 'syslog') :logfile = /usr/local/var/nessus/nessusd.messages# Shall we log every details of the attack ?log_whole_attack = yes# Log the name of the plugins that are loaded by the server ?log_plugins_name_at_load = no# Dump file for debugging output, use `-' for stdoutdumpfile = /usr/local/var/nessus/nessusd.dump# Rules file :rules = /usr/local/etc/nessus/nessusd.rules# Users database :users = /usr/local/etc/nessus/http://www.77cn.com.cners# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)cgi_path = /cgi-bin# Range of the ports nmap will scan :port_range = 1-15000# Optimize the test (recommanded) :optimize_test = yes# Language of the plugins :language = english# Crypto options :negot_timeout = 600peks_username = nessusdpeks_keylen = 1024peks_keyfile = /usr/local/etc/nessus/nessusd.private-keyspeks_usrkeys = /usr/local/etc/nessus/http://www.77cn.com.cner-keyspeks_pwdfail = 5# set random_device to "none" to disable#random_device = /dev/urandomtrack_iothreads = yescookie_logpipe = /usr/local/etc/nessus/nessusd.logpipecookie_logpipe_suptmo = 2force_pubkey_auth = yes# Optimization :# Read timeout for the sockets of the tests :checks_read_timeout = 15# Time to wait for between two tests against the same port, in seconds (to be inetd friendly) :delay_between_tests = 1# Maximum lifetime of a plugin (in seconds) :plugins_timeout = 160#end.4、 规则的定义格式在Nessus中有三个部分用到了规则定义:规则资料库:这里面这义的规则适用于全体用户。用户资料库中的规则:其中的规则只适用于一个用户。客户端的规则:由用户在客户端程序中指定的规则,该规则用来设定扫描目标的范围。这三个地方的规则是有优先级的,其优先级顺序由高往底为:规则资料库中的规则->用户资料库中的规则->客户端的规则。所以,在低优先级的规则中定义的权限不能超过上一级规则中定义的权限。规则的定义格式是:关键字 IP/mask供使用的关键字包括:deny,accept和default。另外,IP地址前还可以加"!"的前缀,表示"not"的意思。我们以规则资料库为例来看看规则的定义。规则资料库文件名为nessusd.rules,其中存放的是在系统范围内应用的规则,起到约束全体用户的作用。它的语法如前面所讲。如:accpet 127.0.0.0/8deny 192.168.1.1/32deny !192.168.0.0/16default deny这些规则组合在一起说明:允许在用户在本地进行操作,可以接受来自于192.168.0.0/16网段中除了192.168.1.1/32以外的所有主机的操作请求。用户还可以用client_ip这个关键字来代表本地主机的IP地址,如果你
希望用户只能在本地主机中进行操作,规则表达如下:accept client_ip/32default deny5、 定义用户资料用户资料库存放在文件http://www.77cn.com.cners中。用户资料库中包含了允许使用nessusd服务进程的用户资料。在用户资料库中创建多个不同的
百度搜索“77cn”或“免费范文网”即可找到本站免费阅读全部范文。收藏本站方便下次阅读,免费范文网,提供经典小说综合文库网络安全扫描工具Nessus_网管之家(6)在线全文阅读。
相关推荐: