On Jul 22, 2008, at 6:25 AM, Chris Henderson wrote: > I added a user (this user is not a Linux system user) using > nessus-adduser(8) - I only want this user to be able to scan the > machine he connects from. So I added rules "accept client_ip" and > "default deny", ^D. But this is not working. When this user logs on > from the Windows client machine he can scan any host or subnet he > wants. > > I have looked on the server - > /opt/nessus/var/nessus/users/user_name/auth/rules file - and it has > two entries: accept client_ip and default deny.
Have you verified the contents of the rules file in question? Would you mind sending me a copy? Are you sure you're logging in with the username to which the rules are supposed to apply? And to the right server? George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
