Alex, I do all of what you mentioned using a combination of perl and shell scripts. In a nutshell, I run customized, automated scans (via cron); automatically filter the result (nbe) files for informational findings, false-positives and the like; convert the nbe files to both html and html-pie reports; mail the html reports to appropriate administrators; publish the html-pie reports on a web server; and (soon) export the raw findings to a mysql database (because I eventually want to do all this within a database instead of flat files).
Some specifics:

- I have several different "targets" files that group different systems into various categories - e.g., Microsoft, Linux, Solaris, AIX, firewalls, routers, switches, VPN gateways, IDSs, etc.
- I have several different "config" files that enable specific plug-ins for the above groups. E.g., a config file (nessusrc file) for Microsoft, Linux, Solaris, AIX, firewalls, routers, switches, VPN gateways, IDSs, etc. (I use update-nessusrc.py - publicly available - to specify which plug-ins to turn on for each group and to keep those config files up-to-date with all the current plug-ins).
- I have three filter files - "false-positives," "risk-accepted," and "always-include" - that are used by a perl script I wrote to exclude or include particular findings (by nessus ID) for a single host, several hosts, or all hosts.
- I have several "job control" files that specify different combinations of targets, configs, and filters when running nessus scans. The job control files and the nessus scans are run automatically each month.
- I also do a simple nmap scan of the network each week (scripted) and then use a perl script to (a) discover new hosts or new ports/protocols since the last scan (a diff report), and (b) generate a nessus job file and pop it into a queue so nessus automatically scans those new hosts over the weekend.
- I also do a dns zone transfer each week (scripted) to find new hosts that may have been put on the network without a change request and then schedule those new hosts for a nessus scan over the weekend.

Etc., etc., blah, blah, ad infinitum, ad nauseam. You get the idea. Everything is completely automated and hands-off.

I would tar the whole thing up and send it to you, but it'd take me some time to sanitize everything. I also have to check with the boss since this is (technically) company intellectual property (I developed it all at work).
Let me know which pieces you're interested in and I'll give you more details or post some script snippets.

John

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of alex black
Sent: Tuesday, September 27, 2005 2:46 PM
To: nessus-mail-list
Subject: Re: CLI only with reports?

> http://nessus.org/documentation/index.php?doc=install
>
> describes how to compile w/o GTK option. After install "man nessus"
> to learn CLI switches. See, I avoided saying RTM :)

I do still think it's insane that the client has to be compiled without GTK support - but granted you can do it ;)

If you look around in the archives, you'll see lots of b*tching about nessusrc and how you can only generate it with the GUI, etc, and how there is little in the way of automation - so I thought I would ask here if there is anyone running scripts which automate the process to the point of being able to do most or all of what I specified. if not, I'll have to keep hunting..

thanks,
_a

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
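
The filtering step described in John's message, as an added example in Python (it is not his Perl script and not code from this thread). The filter-file syntax (`plugin_id host-patterns`), the rule that always-include overrides the two exclusion lists, the plugin IDs and the NBE sample are all constructed assumptions; the pipe-delimited `results|subnet|host|port|plugin_id|severity|description` layout follows the NBE result format.

```python
from fnmatch import fnmatch

def parse_rules(text):
    """Parse the assumed filter syntax: 'plugin_id host[,host...]'; no host or '*' = all hosts."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # allow trailing comments
        if line:
            parts = line.split(None, 1)
            hosts = parts[1] if len(parts) > 1 else "*"
            rules.setdefault(parts[0], []).extend(h.strip() for h in hosts.split(","))
    return rules

def matches(rules, plugin_id, host):
    """True if any host pattern listed for this plugin ID matches the host."""
    return any(fnmatch(host, pat) for pat in rules.get(plugin_id, []))

def filter_nbe(nbe_text, false_pos, accepted, always):
    """Return the NBE lines that should reach the report, in original order."""
    kept = []
    for line in nbe_text.splitlines():
        f = line.split("|", 6)
        if f[0] != "results" or len(f) < 7:
            kept.append(line)                          # timestamps and port-only lines pass through
            continue
        host, plugin_id, severity = f[2], f[4], f[5]
        if matches(always, plugin_id, host):
            kept.append(line)                          # always-include wins over every exclusion
        elif matches(false_pos, plugin_id, host) or matches(accepted, plugin_id, host):
            continue                                   # suppressed for this host
        elif severity != "Security Note":              # informational notes are dropped by default
            kept.append(line)
    return kept

# Constructed sample scan output and filter files (plugin IDs are made up).
SAMPLE_NBE = """\
timestamps|||scan_start|Mon Oct  3 02:00:00 2005|
results|10.0.0|10.0.0.5|ssh (22/tcp)
results|10.0.0|10.0.0.5|ssh (22/tcp)|90001|Security Note|Constructed informational finding
results|10.0.0|10.0.0.5|http (80/tcp)|90002|Security Hole|Constructed finding, false positive here
results|10.0.0|10.0.0.6|http (80/tcp)|90002|Security Hole|Constructed finding, real on this host
results|10.0.0|10.0.0.6|snmp (161/udp)|90003|Security Warning|Constructed finding, risk accepted
results|10.0.0|10.0.0.6|general/tcp|90004|Security Note|Constructed note admins always want
timestamps|||scan_end|Mon Oct  3 02:30:00 2005|
"""
FALSE_POSITIVES = parse_rules("90002 10.0.0.5   # one host only")
RISK_ACCEPTED = parse_rules("90003 *")
ALWAYS_INCLUDE = parse_rules("90004 *")

if __name__ == "__main__":
    print("\n".join(filter_nbe(SAMPLE_NBE, FALSE_POSITIVES, RISK_ACCEPTED, ALWAYS_INCLUDE)))
```

Because suppression is keyed on plugin ID and host together, a false positive recorded for one host leaves the same finding visible on every other host.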
