Installation guide
When a policy is created and saved, it records all of the plugins that are initially selected. When new plugins are received
via a plugin feed update, they will automatically be enabled if the family they are associated with is enabled. If the family
has been disabled or partially enabled, new plugins in that family will automatically be disabled as well.
The “Denial of Service” family contains some plugins that could cause outages on network hosts if the “Safe
Checks” option is not enabled, but it also contains some useful checks that will not cause any harm. The “Denial
of Service” family can be used in conjunction with “Safe Checks” to ensure that any potentially dangerous
plugins are not run. However, it is recommended that the “Denial of Service” family not be used on a
production network.
The following table describes options that will assist you in selecting plugins.
Table 24 – Plugin Options
Option | Description
Plugin Filters | Display plugins based on selected parameters (Name, ID, Family, CVE, BID, and Cross-References). Select the parameter you wish to search, type in the text to look for, and press Enter.
Show Only Enabled | Select this checkbox to only show currently enabled plugins.
Enable All Plugins | Enable all available plugins.
Disable All Plugins | Disable all available plugins.
Preferences
The “Preferences” tab includes means for granular control over scan settings. Selecting an item from the drop-down
menu will display further configuration items for the selected category.
Note that this is a dynamic list of configuration options that is dependent on the plugin feed, audit policies, and
additional functionality to which the connected Nessus scanner has access. This list may also change as
plugins are added or modified.
The Cisco IOS Compliance Checks (plugin 46689) options determine the Cisco IOS configuration file to audit. The
available options are Saved, Running, or Startup. Only one type of configuration file may be selected.
If a secure method of performing credentialed checks is not available, users can force Nessus to attempt to perform
checks over insecure protocols by configuring the Cleartext protocols settings (plugin 21744) drop-down menu item.
The cleartext protocols supported for this option are telnet, rsh, and rexec. The “unsafe!” warning serves as a reminder
that the information is being sent across the network in an unencrypted manner.
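The “Denial of Service” / “Safe Checks” caution and the Cleartext protocols settings (plugin 21744) described above can be checked in a saved policy before it is used for a scan. The following is an added example, not code from this guide or the product: it assumes the policy has been exported in the Nessus v2 (.nessus) XML layout, that a partially enabled family is reported with the status "mixed", and that the embedded sample policy (constructed for illustration) is representative.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy. Element names and the "mixed" status follow the
# Nessus v2 (.nessus) export layout; that layout is an assumption, not shown on this page.
SAMPLE_POLICY = """\
<NessusClientData_v2>
  <Policy>
    <Preferences>
      <ServerPreferences>
        <preference><name>safe_checks</name><value>no</value></preference>
      </ServerPreferences>
      <PluginsPreferences>
        <item>
          <pluginId>21744</pluginId>
          <fullName>Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet</fullName>
          <selectedValue>yes</selectedValue>
        </item>
      </PluginsPreferences>
    </Preferences>
    <FamilySelection>
      <FamilyItem><FamilyName>Denial of Service</FamilyName><Status>mixed</Status></FamilyItem>
      <FamilyItem><FamilyName>General</FamilyName><Status>enabled</Status></FamilyItem>
    </FamilySelection>
  </Policy>
</NessusClientData_v2>
"""

def audit_policy(xml_text):
    """Return findings for the risky policy settings this section describes."""
    policy = ET.fromstring(xml_text).find("Policy")
    findings = []
    prefs = {p.findtext("name"): p.findtext("value")
             for p in policy.iter("preference")}
    families = {f.findtext("FamilyName"): f.findtext("Status")
                for f in policy.iter("FamilyItem")}
    dos = families.get("Denial of Service", "disabled")
    if dos != "disabled":
        findings.append("dos-family-" + dos)
        if prefs.get("safe_checks") != "yes":  # dangerous plugins may run
            findings.append("dos-without-safe-checks")
    for item in policy.iter("item"):  # plugin 21744: telnet / rsh / rexec checks
        if item.findtext("pluginId") == "21744" and item.findtext("selectedValue") == "yes":
            findings.append("cleartext:" + item.findtext("fullName").rsplit(" ", 1)[-1])
    # New feed plugins are auto-enabled only in families that are fully enabled.
    findings += ["auto-enable:" + n for n, s in sorted(families.items()) if s == "enabled"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE_POLICY)))
```

When auditing policy files that come from outside your own console, parse them with a hardened XML parser rather than the standard library one used here.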