Specifications

Copyright © 2015. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc.
The following example shows the creation of a second Nessus user with password authentication and user rules that
restrict the user to scanning a class B subnet, 172.20.0.0/16. For further examples and the syntax of user rules, please
see the Nessus v6 Command Line Reference guide for nessuscli.
# /opt/nessus/sbin/nessuscli adduser
Login : tater-nessus
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n)
[n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that tater-nessus has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
accept 172.20.0.0/16
deny 0.0.0.0/0
Login : tater-nessus
Password : ***********
This user will have 'admin' privileges within the Nessus server
Rules :
accept 172.20.0.0/16
deny 0.0.0.0/0
Is that ok ? (y/n) [y] y
User added
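A rule set like the one entered above can be checked against intended scan targets before it is typed into nessuscli. The following is an added example, not code from Tenable or from this guide: it assumes rules are evaluated top-down with the first matching rule deciding (the reading under which `accept 172.20.0.0/16` followed by `deny 0.0.0.0/0` restricts the user to that subnet), and the function names, the `no_match` fallback and the sample targets are constructed for illustration.

```python
import ipaddress

# Rule set entered in the nessuscli session above.
PAGE_RULES = """\
accept 172.20.0.0/16
deny 0.0.0.0/0
"""


def parse_rules(text):
    """Parse 'accept|deny <network>' lines into (action, network) tuples."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("accept", "deny"):
            raise ValueError(f"line {lineno}: unsupported rule {line!r}")
        # strict=True rejects a network written with host bits set,
        # e.g. 172.20.1.0/16, which usually signals a typo in the mask.
        rules.append((parts[0], ipaddress.ip_network(parts[1], strict=True)))
    return rules


def is_allowed(rules, target, no_match="deny"):
    """True if the first rule containing `target` is an accept rule.

    Assumptions: first-match-wins ordering; `no_match` is the result
    when no rule covers the target (for example an IPv6 address here).
    """
    addr = ipaddress.ip_address(target)
    for action, net in rules:
        if addr.version == net.version and addr in net:
            return action == "accept"
    return no_match == "accept"


def audit(rules, targets):
    """Map each target to the decision the rule set gives it."""
    return {t: is_allowed(rules, t) for t in targets}


if __name__ == "__main__":
    # Constructed sample targets: one inside the /16, three outside it.
    sample = ["172.20.5.9", "172.21.0.1", "172.19.255.255", "10.0.0.5"]
    for host, ok in audit(parse_rules(PAGE_RULES), sample).items():
        print(f"{host:16} {'accept' if ok else 'deny'}")
```

Under the same assumption, entering the two rules in the opposite order would deny every IPv4 target, including 172.20.0.0/16.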
Nessusd Command Line Options
In addition to running the nessusd server, there are several command line options that can be used as required. The
following table contains information on these various optional commands.
Option
Description
-c <config-file>
When starting the nessusd server, this option is used to specify the server-side
nessusd configuration file to use. It allows for the use of an alternate configuration file
instead of the standard /opt/nessus/etc/nessus/nessusd.db (or
/usr/local/nessus/etc/nessus/nessusd.db for FreeBSD).
-a <address>
When starting the nessusd server, this option tells the server to listen only for
connections on the address <address>, which must be an IP address, not a machine name.
This option is useful if you are running nessusd on a gateway and do not want
people on the outside to connect to your nessusd.
-S <ip[,ip2,...]>
When starting the nessusd server, this option forces the source IP of the connections
established by Nessus during scanning to <ip>. This option is only useful if you have a
multi-homed machine with multiple public IP addresses that you would like to use instead of
the default one. For this setup to work, the host running nessusd must have multiple