One other option would be to simply disable the "dangerous" plugins in the
.nessusrc file. The easiest way to do this would be to use one of the
update-nessusrc scripts. Most likely, George's script would be better for
this instance, since it offers better fine-grained control than my script.
In any case, you can find them at:
http://www.tifaware.com/perl/update-nessusrc/
http://www.edgeos.com/software/
~Jay
..
.. Jay Jacobson
.. Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
..
.. Managed Vulnerability Assessment
.. Services for Information Security Professionals
..
On Tue, 24 Feb 2004, Justin R. Northcraft wrote:
> I find myself in the same position; this will be very useful to me. Thanks!!
>
> Justin R. Northcraft, GSEC, CNA
> Systems Consultant
> Clifton Gunderson Technology Solutions
>
> 7670 E. Broadway
> Suite 308
> Tucson, Arizona 85710
>
> Office: 520.290.8870 x103
> Fax: 520.290.0062
>
> Cell: 520.991.6910
>
> http://www.cliftontechnology.om
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of [EMAIL PROTECTED]
> Sent: Tuesday, February 24, 2004 12:20 PM
> To: [EMAIL PROTECTED]
> Subject: safe option for nessus-update-plugins
>
> Hello all,
>
> When performing assessments, I usually strip out all aggressive plugins from
> nessus. This extra step is taken as a "cya" just in case things go amiss
> during an assessment. With that in mind, I added an additional flag to
> nessus-update-plugins. This flag, -s, will not change the normal process of
> updating plugins, but will take the additional step of removing all plugins
> categorized as dangerous, i.e. ACT_DENIAL, ACT_KILL_HOST and
> ACT_DESTRUCTIVE_ATTACK from the nessus plugins dir. I plan on incorporating
> this into my scanning process and would be interested in hearing if others
> would find this useful.
> I've attached a patch for those interested.
>
> -dave
>
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
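
One way to apply the approach dave describes in the thread above, as an added example that is neither the attached patch nor part of nessus-update-plugins: it finds plugins by their script_category() call and moves them to a quarantine directory instead of deleting them. The function names, the quarantine directory and the sample .nasl files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: keeps dangerous-category plugins out of the plugin dir
# by quarantining them instead of deleting them.

# Categories the thread names as dangerous.
DANGEROUS='ACT_DENIAL|ACT_KILL_HOST|ACT_DESTRUCTIVE_ATTACK'

# list_dangerous DIR: print each .nasl in DIR whose script_category()
# call names a dangerous category. '#' comment lines are ignored.
list_dangerous() {
    for f in "$1"/*.nasl; do
        [ -f "$f" ] || continue
        if grep -v '^[[:space:]]*#' "$f" |
           grep -Eq "script_category[[:space:]]*\([[:space:]]*($DANGEROUS)[[:space:]]*\)"
        then
            printf '%s\n' "$f"
        fi
    done
}

# quarantine_dangerous DIR QDIR: move the matches into QDIR and print
# how many were moved. Nothing is deleted, so a plugin can be restored.
quarantine_dangerous() {
    mkdir -p "$2" || return 1
    moved=0
    list=$(list_dangerous "$1")
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        mv -- "$f" "$2"/ && moved=$((moved + 1))
    done <<EOF
$list
EOF
    echo "$moved"
}

# make_sample_plugins DIR: constructed stand-ins for real plugins,
# reduced to the one line this check reads.
make_sample_plugins() {
    mkdir -p "$1"
    echo 'script_category(ACT_GATHER_INFO);'           > "$1/info.nasl"
    echo ' script_category(ACT_DENIAL);'               > "$1/dos.nasl"
    echo 'script_category( ACT_KILL_HOST );'           > "$1/kill.nasl"
    echo '# script_category(ACT_DESTRUCTIVE_ATTACK);'  > "$1/commented.nasl"
    echo 'script_category(ACT_ATTACK);'               >> "$1/commented.nasl"
}
```

Running list_dangerous on its own gives a dry run of what quarantine_dangerous would move.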