Specifications

Copyright © 2015. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc.
A conservative starting point to determine the best max_hosts setting in an enterprise environment is to set it to “20” on a
Unix-based Nessus system and “10” on a Windows Nessus scanner.
In addition to max_hosts, the server allows a global.max_hosts setting that controls the total hosts that can be scanned
across all users at the same time. Administrators are bound by the same restrictions on both settings to avoid excessive load
on the scanning server, which may have adverse effects on other users.
Notes on max_checks:
This is the number of simultaneous checks or plugins that will be run against a single target host during a scan. Note that
setting this number too high can potentially overwhelm the systems you are scanning depending on which plugins you are
using in the scan.
Multiply max_checks by max_hosts to find the number of concurrent checks that can potentially be running at any given
time during a scan. Because max_checks and max_hosts are used in concert, setting max_checks too high can also
cause resource constraints on a Nessus scanner system. As with max_hosts, experimentation will provide you with the
optimal setting for max_checks, but it is recommended that this always be set relatively low.
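The multiplication described above can be run as a pre-scan sanity check. The Python sketch below is an added example, not code from Tenable or the Nessus documentation: the `key = value` input format, the `check_budget` threshold and the function names are assumptions, while the 20/10 starting points are the ones given in the text.

```python
# Added example (not from the Nessus documentation). The "key = value" input
# format, the check_budget threshold and all function names are assumptions.
CONSERVATIVE_MAX_HOSTS = {"unix": 20, "windows": 10}  # starting points from the text
SAMPLE = """\
# constructed sample settings
max_hosts = 40
max_checks = 5
global.max_hosts = 30
"""


def parse_settings(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value
    return settings


def audit_scan_load(settings, platform, check_budget):
    """Return (concurrent_checks, findings); concurrent is None if unparsable."""
    findings, values = [], {}
    for key in ("max_hosts", "max_checks"):
        raw = settings.get(key, "")
        if raw.isdigit() and int(raw) > 0:
            values[key] = int(raw)
        else:
            findings.append(f"{key}: missing or not a positive integer")
    if len(values) < 2:
        return None, findings
    hosts, checks = values["max_hosts"], values["max_checks"]
    start = CONSERVATIVE_MAX_HOSTS[platform]
    if hosts > start:
        findings.append(f"max_hosts={hosts} is above the starting point {start} for {platform}")
    concurrent = hosts * checks  # worst-case simultaneous checks
    if concurrent > check_budget:
        findings.append(f"{concurrent} concurrent checks exceed the budget of {check_budget}")
    global_raw = settings.get("global.max_hosts", "")
    if global_raw.isdigit() and int(global_raw) < hosts:
        findings.append(f"global.max_hosts={global_raw} caps scans below max_hosts={hosts}")
    return concurrent, findings


if __name__ == "__main__":
    total, issues = audit_scan_load(parse_settings(SAMPLE), "unix", check_budget=100)
    print(total, *issues, sep="\n")
```

The budget is site-specific: pick it from what the scanner host and the scanned systems tolerate in testing.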
Configuration Options
The following table provides a brief explanation of each configuration option available in the configuration menu. Many of
these options can be configured through the user interface when creating a scan policy.
| Option | Description |
|---|---|
| allow_post_scan_editing | Allows a user to make edits to scan results after the scan completes. |
| auto_enable_dependencies | Automatically activate the plugins that are depended on. If disabled, not all plugins may run despite being selected in a scan policy. |
| auto_update | Automatic plugin updates. If enabled and Nessus is registered, fetch the newest plugins from plugins.nessus.org automatically. Disable if the scanner is on an isolated network that is not able to reach the Internet. |
| auto_update_delay | Number of hours to wait between two updates. Four (4) hours is the minimum allowed interval. |
| cgi_path | During the testing of web servers, use this colon-delimited list of CGI paths. |
| checks_read_timeout | Read timeout for the sockets of the tests. |
| disable_ntp | Disable the old NTP legacy protocol. |
| disable_xmlrpc | Disable the new XMLRPC (Web Server) interface. |
| dumpfile | Location of a dump file for debugging output if generated. |
| enable_listen_ipv4 | Directs Nessus to listen on IPv4. |
| enable_listen_ipv6 | Directs Nessus to listen on IPv6 if the system supports IPv6 addressing. |