Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: users

Scanning a network fo MS Security Bulletins

 

 

Nessus users RSS feed   Index | Next | Previous | View Threaded


Michael.Chilcott at emoryhealthcare

Oct 2, 2008, 11:10 AM

Post #1 of 4 (1369 views)
Permalink
Scanning a network fo MS Security Bulletins

Using the Nessus Client I created many (approx 85) .nessus files, because we have large Class B network - and I wanted to space out each of the scans over a couple of days. I then created .sh files and placed them into the crontab to run at scheduled times and days. If I run them with the default scan everything works, but I want to make better use of the product, and am stumped...
I used the baseline scan policy of Microsoft Patches, and only selected the Microsoft patches for 06, 07, and 08. We have a standard software image so I really don't need to scan for the other miscellaneous software, so I then save this policy as "new ms patches" - now here is where I am stumped - I want all 85 of these .nessus files to use this new ms patches policy and next month when MS comes out with 4 patches I am going to have to go into each of those 85 files to select the new patches.

I though I could use the "Share this policy across multiple sessions" but it will not work. I found in the docs the following: "Note that a policy which has the "Share this policy across multiple sessions" option selected cannot be saved to a .nessus file. Using this option means that the policy is to become one of the default policies displayed whenever the NessusClient is started or whenever the "New Session" option is selected from the main menu.
Any thought or ideas so I don't have to go in and modify 85 .nessus files each month?

Thanks - Mike

________________________________
This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).


tdoty at mst

Oct 2, 2008, 11:38 AM

Post #2 of 4 (1277 views)
Permalink
RE: Scanning a network fo MS Security Bulletins [In reply to]

I'm not doing quite what you are, but can't you use a single .nessus file and specify the targets using a targets file? In the .nessus file simply remove any reference to targets and then create your 85 target files for use with the commandline. A target file can be a list of ip addresses, specify ranges as ranges or use CIDR notation.

Tim Doty

From: nessus-bounces [at] list [mailto:nessus-bounces [at] list] On Behalf Of Chilcott, Mike
Sent: Thursday, October 02, 2008 1:10 PM
To: nessus [at] list
Subject: Scanning a network fo MS Security Bulletins

   Using the Nessus Client I created many (approx 85)  .nessus files, because we have large Class B network - and I wanted to space out each of the scans over a couple of days. I then created .sh files and placed them into the crontab to run at scheduled times and days. If I run them with the default scan everything works, but I want to make better use of the product, and am stumped...
   I used the baseline scan policy of Microsoft Patches, and only selected the Microsoft patches for 06, 07, and 08. We  have a standard software image so I really don't need to scan for the other miscellaneous software, so I then save this policy as "new ms patches" - now here is where I am stumped - I want all 85 of these .nessus files to use this new ms patches policy and next month when MS comes out with 4 patches I am going to have to go into each of those 85 files to select the new patches.
   I though I could use the "Share this policy across multiple sessions" but it will not work. I found in the docs the following:  "Note that a policy which has the "Share this policy across multiple sessions" option selected cannot be saved to a .nessus file. Using this option means that the policy is to become one of the default policies displayed whenever the NessusClient is started or whenever the "New Session" option is selected from the main menu.
   Any thought or ideas so I don't have to go in and modify 85 .nessus files each month?

Thanks - Mike

________________________________________
This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).
_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus


rgula at tenablesecurity

Oct 2, 2008, 1:10 PM

Post #3 of 4 (1280 views)
Permalink
Re: Scanning a network fo MS Security Bulletins [In reply to]

Chilcott, Mike wrote:
> Using the Nessus Client I created many (approx 85) .nessus files, because we have large Class B network - and I wanted to space out each of the scans over a couple of days. I then created .sh files and placed them into the crontab to run at scheduled times and days. If I run them with the default scan everything works, but I want to make better use of the product, and am stumped...
> I used the baseline scan policy of Microsoft Patches, and only selected the Microsoft patches for 06, 07, and 08. We have a standard software image so I really don't need to scan for the other miscellaneous software, so I then save this policy as "new ms patches" - now here is where I am stumped - I want all 85 of these .nessus files to use this new ms patches policy and next month when MS comes out with 4 patches I am going to have to go into each of those 85 files to select the new patches.
>
> I though I could use the "Share this policy across multiple sessions" but it will not work. I found in the docs the following: "Note that a policy which has the "Share this policy across multiple sessions" option selected cannot be saved to a .nessus file. Using this option means that the policy is to become one of the default policies displayed whenever the NessusClient is started or whenever the "New Session" option is selected from the main menu.
> Any thought or ideas so I don't have to go in and modify 85 .nessus files each month?
>
> Thanks - Mike

Hi Mike,

Several comments.

Bad news first -- the NessusClient was not designed to do what you
are trying to do. Managing multiple scan policies, perhaps multiple
credentials, multiple targets/assets and mulitple schedules is something
that the Security Center does.

Having said that, I'd look at a few areas you might be able to
improve on.

- Scan Time

If you are just doing credentialed patch auditing, turn off all network
port scanning and just log into the target machines. This is extremely
fast with Nessus. If you have to audit open ports, enabled the WMI port
scanner. I would really encourage you to post your current scan times
and settings, make changes and post the new scan times There's also possibly
more optimization you can make based on CPU load, hosts/scanner and
checks/host settings after that. Unless you have a political requirement
to scan 85 distinct networks, I'd really work on reducing your scan time.

- Policy Management

If you enable a family in a .nessus file, then it will automatically
enable new checks that are in that family. If you specifically enable
some checks, the Nessus Client assumes other checks (like new checks)
are disabled. Understand you might not want to test for older plugins,
but there are not that many of them compared to what was shipped
this year and the years you are testing for. I would strongly consider
simply enabling the entire family and avoiding having to re-edit
your files.

- Policy Sharing with the Nessus Client

The function of sharing a policy across sessions is a manifestation
of the client. The actual .nessus files don't change. Since you are
batching these files, making something global won't actually change
the settings in your 85 scan polices.

Ron Gula
Tenable Network Security


















_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus


npouvesle at tenablesecurity

Oct 2, 2008, 1:15 PM

Post #4 of 4 (1292 views)
Permalink
Re: Scanning a network fo MS Security Bulletins [In reply to]

On Oct 2, 2008, at 8:10 PM, Chilcott, Mike wrote:

> Using the Nessus Client I created many (approx 85) .nessus
> files, because we have large Class B network – and I wanted to space
> out each of the scans over a couple of days. I then created .sh
> files and placed them into the crontab to run at scheduled times and
> days. If I run them with the default scan everything works, but I
> want to make better use of the product, and am stumped…
> I used the baseline scan policy of Microsoft Patches, and only
> selected the Microsoft patches for 06, 07, and 08. We have a
> standard software image so I really don’t need to scan for the other
> miscellaneous software, so I then save this policy as “new ms
> patches” – now here is where I am stumped – I want all 85 of
> these .nessus files to use this new ms patches policy and next month
> when MS comes out with 4 patches I am going to have to go into each
> of those 85 files to select the new patches.
> I though I could use the “Share this policy across multiple
> sessions” but it will not work. I found in the docs the following:
> “Note that a policy which has the “Share this policy across multiple
> sessions” option selected cannot be saved to a .nessus file. Using
> this option means that the policy is to become one of the default
> policies displayed whenever the NessusClient is started or whenever
> the “New Session” option is selected from the main menu.
> Any thought or ideas so I don’t have to go in and modify
> 85 .nessus files each month?
>

You should create a .nessus policy with the "Windows : Microsoft
Bulletins" family enabled. All the new plugins in this family will be
automatically selected.
And Nessus is optimized to only perform recent scan against your host,
for example plugins for XP SP2 patches are not launched if you are
running XP SP3.


Nicolas
_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus

Nessus users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.