MAN page from RedHat 7.X nessus-server-1.0.7a-1.i386.rpm
Section: User Manuals (8)
Updated: April 2000
nessus-adduser - add a user in the nessusd userbase
The Nessus Security Scanner comes with its own user base which contains the list of who can use the services of nessusd, and what restrictions (or rules) each user has.
nessus-adduser is a simple program which will add a user in the proper nessusd configuration files, and will send a signal to nessusd if it is running to notify it of the changes.
The program is straightforward and asks for the following items:
- Login: the login name of the nessusd user to add
- Password: the password that the user will use to connect to nessusd
- Authentication type: the authentication method the client will use. The recommended method is 'cipher'. However, if you compiled nessusd without cipher support, or if you are using a Nessus client which does not support the cipher layer, you'll have to use 'plaintext'
- Rules: the set of rules to apply to the user. See below.
Each user has his own set of rules. Rules are here to restrict the rights of the users. For instance, you can add user 'joe' so that he can only test the host '192.168.1.1', whereas you can add user 'bob' so that he can test whatever IP address he wishes.
Each rule fits on one line. A user can have an unlimited number of rules (and can even have no rule at all).
The syntax is :
Where mask is the CIDR netmask of the rule.
The default statement must be the last rule and defines the policy of the user.
The following rule set will allow the user to test 192.168.1.0/24, 192.168.3.0/24 and 172.22.0.0/16, but nothing else :
The following rule set will allow the user to test whatever he wants, except the network 192.168.1.0/24 :
The keyword client_ip has been defined, and is replaced at run time by the IP address of the nessusd user. For instance, if you want your users to be able to scan only the system they come from, then you want them to have the following ruleset :
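The rule semantics described above, modelled as an added example (not part of the original man page or of nessusd's code). The `accept`/`deny` keywords, first-match evaluation and the sample rule sets and addresses are assumptions constructed for illustration, since the syntax lines did not survive on this page.

```python
import ipaddress

def parse_rules(text, client_ip):
    """Parse a rule set into (action, network) pairs plus the default policy."""
    rules, default = [], None
    for raw in text.strip().splitlines():
        fields = raw.split()
        if not fields:
            continue
        if default is not None:
            raise ValueError("'default' must be the last rule")
        if len(fields) != 2 or fields[1] not in ("accept", "deny") and fields[0] == "default":
            raise ValueError(f"bad rule: {raw!r}")
        if fields[0] == "default":
            default = fields[1]
        elif fields[0] in ("accept", "deny"):
            # client_ip is replaced at run time by the connecting user's address
            target = fields[1].replace("client_ip", client_ip)
            rules.append((fields[0], ipaddress.ip_network(target, strict=False)))
        else:
            raise ValueError(f"bad rule: {raw!r}")
    if default is None:
        # This model requires an explicit policy; an empty rule set is not modelled.
        raise ValueError("rule set has no 'default' statement")
    return rules, default

def may_scan(ruleset, client_ip, target):
    """Return True if a user connecting from client_ip may test target."""
    rules, default = parse_rules(ruleset, client_ip)
    addr = ipaddress.ip_address(target)
    for action, net in rules:
        if addr in net:  # assumption: the first matching rule decides
            return action == "accept"
    return default == "accept"

# Constructed rule sets for the three cases the page describes
ALLOW_LIST = """accept 192.168.1.0/24
accept 192.168.3.0/24
accept 172.22.0.0/16
default deny"""
DENY_ONE = "deny 192.168.1.0/24\ndefault accept"
SELF_ONLY = "accept client_ip/32\ndefault deny"

if __name__ == "__main__":
    for name, rs in (("allow-list", ALLOW_LIST), ("deny-one", DENY_ONE), ("self-only", SELF_ONLY)):
        for target in ("192.168.1.77", "172.22.200.1", "10.0.0.7"):
            print(name, target, may_scan(rs, "10.0.0.7", target))
```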
MORE INFORMATION ABOUT THE NESSUS PROJECT
The canonical places where you will find more information about the Nessus project are : http://www.nessus.org
nessus-adduser was quickly written by Renaud Deraison <deraisonAATTcvs.nessus.org>
nessus-adduser creates temporary files in $TMPDIR/. If this variable is not set, then it will use /var/tmp, which may be a security risk depending on your configuration.
If you set your TMPDIR variable to /tmp, then you are in trouble.