Nessus Test Configuration and Nessus Test Assets

Nessus Test Assets allow on-demand vulnerability scanning and auditing of all deployment runs (both newly provisioned and long-standing). There are two ways in which a Nessus Test Asset can be used:

  1. Part of a Deployment - By default, adding a Nessus Test Asset to a deployment scans every host that is part of that deployment. If one or more targets are specified in the deployment properties (see below), only those targets are scanned.
  2. Test-Only Deployment - The Nessus Test Asset is stood up as its own deployment run and scans only the targets specified in the deployment properties (see below).

Nessus 6.4 documentation can be found at the Tenable site here: http://static.tenable.com/documentation/nessus_6.4_user_guide.pdf

Configuring Deployment Properties

Nessus Test Assets accept the deployment properties described below.

  • nessus.targets  :  Specifies the target host(s) to scan. Intended for Test-Only Deployments; if it is set on a regular deployment it restricts the scan to the listed targets instead of every host in the deployment.

Targets may be given in any of the following forms (separate multiple entries with commas):

    a single IPv4 address, e.g., nessus.targets=192.168.0.1
    a set of addresses, e.g., nessus.targets=192.168.1.1,192.168.1.3,192.168.1.24
    an IPv4 range, e.g., nessus.targets=192.168.0.1-192.168.0.255
    a subnet in CIDR notation, e.g., nessus.targets=192.168.0.0/24
    a resolvable hostname, e.g., nessus.targets=www.nessus.org
    a single IPv6 address, optionally followed by %<interface> for a link-local address, e.g., nessus.targets=fe80::216:cbff:fe92:88d0%eth0 or nessus.targets=fe80:0000:0000:0000:0216:cbff:fe92:88d0%eth0, or the Nessus form link6%eth0 (link-local scope on interface eth0)

  • nessus.format  :  Specifies the format of the report.

Options are pdf, html, and db (default: pdf). A .nessus and a csv report are generated in addition to the chosen format. Example: nessus.format=html

  • nessus.chapters  :  Specifies the chapters to include in the report. See http://static.tenable.com/documentation/nessus_6.4_user_guide.pdf for a description of each Nessus chapter.

Expects a semicolon-delimited string made up of some combination of the following options: vuln_hosts_summary, vuln_by_host, compliance_exec, remediations, vuln_by_plugin, compliance (e.g., nessus.chapters=vuln_by_host;vuln_by_plugin)

Default: vuln_hosts_summary, or vuln_hosts_summary;compliance if an audit file is detected in the test asset
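The following is an added example (not CONS3RT or Nessus code) that checks a set of nessus.* deployment properties before a scan is launched: it classifies each nessus.targets entry into the forms listed above, rejects malformed addresses, enforces the allowed values for nessus.format and nessus.chapters, and applies the chapter default, which depends on whether an audit file is present. The function names, the audit_present flag, and the reading of link6%<interface> as the link-local shorthand are assumptions made for illustration.

```python
"""Validator for the nessus.* deployment properties described above.

Added example, not CONS3RT or Nessus code: the function names, the
``audit_present`` flag, and the treatment of ``link6%<iface>`` as the
link-local shorthand are assumptions made for illustration.
"""
import ipaddress
import re

REPORT_FORMATS = {"pdf", "html", "db"}          # .nessus and csv are always produced as well
CHAPTERS = {"vuln_hosts_summary", "vuln_by_host", "compliance_exec",
            "remediations", "vuln_by_plugin", "compliance"}
# RFC 1123 style hostname: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")
IPV4_RANGE_RE = re.compile(r"^([\d.]+)-([\d.]+)$")


def parse_properties(text):
    """Parse key=value lines; blank lines and # comments are ignored."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"not a key=value line: {line!r}")
        props[key.strip()] = value.strip()
    return props


def classify_target(target):
    """Return the kind of one nessus.targets entry, or raise ValueError."""
    t = target.strip()
    if not t:
        raise ValueError("empty target")
    if "%" in t:                                 # IPv6 with an interface (zone) suffix
        host, _, zone = t.partition("%")
        if not zone:
            raise ValueError(f"missing interface after '%' in {t!r}")
        if host == "link6":                      # assumed: link-local scan on that interface
            return "ipv6-link-local"
        if ipaddress.ip_address(host).version != 6:
            raise ValueError(f"zone suffix is only valid on IPv6: {t!r}")
        return "ipv6"
    if "/" in t:
        ipaddress.ip_network(t, strict=False)    # raises on a malformed subnet
        return "cidr"
    m = IPV4_RANGE_RE.match(t)
    if m:
        lo, hi = (ipaddress.IPv4Address(p) for p in m.groups())
        if lo > hi:
            raise ValueError(f"range start is after its end: {t!r}")
        return "ipv4-range"
    try:
        return "ipv4" if ipaddress.ip_address(t).version == 4 else "ipv6"
    except ValueError:
        pass                                     # not a literal address; try hostname
    if HOSTNAME_RE.match(t):
        return "hostname"
    raise ValueError(f"unrecognised target: {t!r}")


def validate_properties(props, audit_present=False):
    """Check the nessus.* properties and return the effective scan settings."""
    raw_targets = props.get("nessus.targets", "")
    targets = [(t.strip(), classify_target(t)) for t in raw_targets.split(",") if t.strip()]

    fmt = props.get("nessus.format", "pdf").lower()
    if fmt not in REPORT_FORMATS:
        raise ValueError(f"nessus.format must be one of {sorted(REPORT_FORMATS)}, got {fmt!r}")

    # The default chapter list depends on whether the test asset carries an audit file.
    default = "vuln_hosts_summary;compliance" if audit_present else "vuln_hosts_summary"
    chapters = [c.strip() for c in props.get("nessus.chapters", default).split(";") if c.strip()]
    if not chapters:
        raise ValueError("nessus.chapters is set but empty")
    unknown = sorted(set(chapters) - CHAPTERS)
    if unknown:
        raise ValueError(f"unknown nessus.chapters entries: {unknown}")

    return {"targets": targets, "format": fmt, "chapters": chapters}
```

Note that an address such as fe80::2120d:17ff:fe57:333b (a five-digit hextet) fails both the address and hostname checks and is rejected; catching that before the deployment runs is cheaper than discovering an empty report afterwards.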

 

Configuring Nessus Test Assets

The following describes the different components of a Nessus Test Asset.

  • nessus-config.properties : This file tells the test asset which of its files are the policy, credentials, and audit files described below. The recognised keys depend on the Cons3rt version.

    In Cons3rt 4.9 the following keys are used; any file referenced must exist in the config directory of the test asset:

    nessusPolicy=nessus_policy_Full_Scan_Policy.nessus
    nessus.credentials=nessus-credentials.txt
    nessus.audit=test.audit
    nessus.audit-category=Unix

    In Cons3rt 4.10 the policy key changed from nessusPolicy to nessus.policy, and any file referenced must exist in the scripts directory of the test asset:

    nessus.policy=nessus_policy_Full_Scan_Policy.nessus
    nessus.credentials=nessus-credentials.txt
    nessus.audit=test.audit
    nessus.audit-category=Unix

  • Policy File : A .nessus file that specifies which plugin families run during the scan. Policy files are created on a Nessus scanner and exported.
  • Credentials File : This file supplies the credentials Nessus uses for authenticated scanning of the targets. Each set of credentials is a block of key=value lines with the following fields:

      credential_type : one of WINDOWS_PASSWORD, SSH_PASSWORD, SSH_SUDO, SSH_SU

      username : the username for the given credentials

      password : the password for the given credentials

      * The following two fields must be provided if the credentials are of type SSH_SUDO or SSH_SU *

        escalation_account : the account to escalate to (via sudo or su)

        escalation_password : the password required to escalate privileges

      * Multiple credential blocks can be passed as long as they are separated by a line containing the pattern: --break--

      The credentials file is stored in plaintext inside the test asset. Use a dedicated, least-privileged scan account, restrict who can read the asset, and do not reuse a production administrator password; the values in the example below are placeholders.

      An example credentials file would appear as follows:

      credential_type=WINDOWS_PASSWORD
      username=administrator
      password=your_password

      --break--

      credential_type=SSH_PASSWORD
      username=root
      password=your_password

      --break--

      credential_type=SSH_SUDO
      username=unprivileged_account
      password=your_password
      escalation_account=privileged_account
      escalation_password=sudo_password

      --break--

      credential_type=SSH_SU
      username=unprivileged_account
      password=your_password
      escalation_account=privileged_account
      escalation_password=su_password
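The following is an added example (not CONS3RT code) of a parser for the credentials file format shown above. It splits the file on --break--, requires credential_type, username and password in every block, insists on escalation_account and escalation_password for SSH_SUDO and SSH_SU and rejects them elsewhere, and provides a secret-free summary for logging. The sample file is constructed from the placeholders above; the function names and the assumed mapping from audit category to credential type (Unix needs an SSH_* credential, Windows needs WINDOWS_PASSWORD) are this example's own.

```python
"""Parser and validator for the Nessus Test Asset credentials file format above.

Added example, not CONS3RT code; the function names and the assumed mapping
from audit category to credential type are this example's own.
"""
SEPARATOR = "--break--"
CREDENTIAL_TYPES = {"WINDOWS_PASSWORD", "SSH_PASSWORD", "SSH_SUDO", "SSH_SU"}
ESCALATING_TYPES = {"SSH_SUDO", "SSH_SU"}
REQUIRED_FIELDS = ("credential_type", "username", "password")
ESCALATION_FIELDS = ("escalation_account", "escalation_password")
ALLOWED_FIELDS = set(REQUIRED_FIELDS) | set(ESCALATION_FIELDS)

# Constructed sample in the format shown above; every value is a placeholder.
SAMPLE_CREDENTIALS = """\
credential_type=WINDOWS_PASSWORD
username=administrator
password=your_password

--break--

credential_type=SSH_PASSWORD
username=root
password=your_password

--break--

credential_type=SSH_SUDO
username=unprivileged_account
password=your_password
escalation_account=privileged_account
escalation_password=sudo_password

--break--

credential_type=SSH_SU
username=unprivileged_account
password=your_password
escalation_account=privileged_account
escalation_password=su_password
"""


def _parse_block(block, index):
    """Turn one block of key=value lines into a dict (blank lines and # comments ignored)."""
    fields = {}
    for raw in block.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")   # split on the first '=' only, so a
        key = key.strip()                       # password containing '=' survives intact
        if not sep or not key:
            raise ValueError(f"credential {index}: not a key=value line: {line!r}")
        if key in fields:
            raise ValueError(f"credential {index}: duplicate field {key!r}")
        fields[key] = value.strip()
    return fields


def parse_credentials(text):
    """Split the file on --break-- and return a list of validated credential dicts."""
    creds = []
    for index, block in enumerate(text.split(SEPARATOR), start=1):
        fields = _parse_block(block, index)
        if not fields:                          # tolerate a leading or trailing separator
            continue
        missing = [f for f in REQUIRED_FIELDS if not fields.get(f)]
        if missing:
            raise ValueError(f"credential {index}: missing {missing}")
        ctype = fields["credential_type"]
        if ctype not in CREDENTIAL_TYPES:
            raise ValueError(f"credential {index}: unknown credential_type {ctype!r}")
        present = [f for f in ESCALATION_FIELDS if fields.get(f)]
        if ctype in ESCALATING_TYPES and len(present) != len(ESCALATION_FIELDS):
            raise ValueError(f"credential {index}: {ctype} requires {list(ESCALATION_FIELDS)}")
        if ctype not in ESCALATING_TYPES and present:
            raise ValueError(f"credential {index}: {present} only apply to SSH_SUDO/SSH_SU")
        unknown = sorted(set(fields) - ALLOWED_FIELDS)
        if unknown:
            raise ValueError(f"credential {index}: unknown fields {unknown}")
        creds.append(fields)
    if not creds:
        raise ValueError("no credentials found")
    return creds


def audit_supported(creds, audit_category):
    """True if a credential of the type the audit category needs is present (assumed mapping)."""
    needed = {"unix": {"SSH_PASSWORD", "SSH_SUDO", "SSH_SU"},
              "windows": {"WINDOWS_PASSWORD"}}
    wanted = needed.get(audit_category.lower())
    if wanted is None:
        raise ValueError(f"unknown audit category {audit_category!r}")
    return any(c["credential_type"] in wanted for c in creds)


def summarize(creds):
    """Secret-free view for logs: type, username and escalation account, never a password."""
    return [(c["credential_type"], c["username"], c.get("escalation_account")) for c in creds]
```

Run the validator against the credentials file at asset build time rather than at scan time: a missing escalation field silently turns a credentialed sudo scan into an unprivileged one, and the report will not tell you why the compliance chapter is empty.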

  • Audit File : This file defines the compliance checks to run against the system(s) in question; each check is reported as passed or failed. Audit files are of two types, Unix and Windows, and an audit file will only run if credentials of the corresponding type (SSH credentials for a Unix audit, Windows credentials for a Windows audit) are included as well.

    The audit file in the basic Nessus test asset is included only to show the intended use and the reporting changes that come with including an audit file in a Nessus scan; the audit itself merely checks whether a Unix system enforces a minimum password length of 14 characters or more.

    For example, the default audit file contains:

    <check_type: "Unix">
      <item>
        name: "min_password_length"
        description: "Minimum password length"
        value: "14..MAX"
      </item>
    </check_type>

    For more information on constructing audit files, consult the Tenable compliance checks reference found here: https://support.tenable.com/support-center/nessus_compliance_reference.pdf