# Configuration file of the Nessus Security Scanner # Every line starting with a '#' is a comment # Path to the security checks folder : plugins_folder = ${PREFIX}/lib/nessus/plugins # Maximum number of simultaneous hosts tested : max_hosts = 30 # Maximum number of simultaneous checks against each host tested : max_checks = 10 # Niceness. If set to 'yes', nessusd will renice itself to 10. be_nice = no # Log file (or 'syslog') : logfile = ${PREFIX}/var/nessus/logs/nessusd.messages # Shall we log every details of the attack ? log_whole_attack = yes # Log the name of the plugins that are loaded by the server ? log_plugins_name_at_load = no # Dump file for debugging output, use `-' for stdout dumpfile = ${PREFIX}/var/nessus/logs/nessusd.dump # Rules file : rules = ${PREFIX}/etc/nessus/nessusd.rules # Users database : users = ${PREFIX}/etc/nessus/nessusd.users # CGI paths to check for (cgi-bin:/cgi-aws:/ can do) cgi_path = /cgi-bin:/scripts # Range of the ports the port scanners will scan : # 'default' means that Nessus will scan ports found in its # services file. port_range = default # Optimize the test (recommanded) : optimize_test = yes # Language of the plugins : language = english # Optimization : # Read timeout for the sockets of the tests : checks_read_timeout = 5 # Ports against which two plugins should not be run simultaneously : # non_simult_ports = Services/www, 139, Services/finger non_simult_ports = 139, 445 # Maximum lifetime of a plugin (in seconds) : plugins_timeout = 320 # Safe checks rely on banner grabbing : safe_checks = yes # Automatically activate the plugins that are depended on auto_enable_dependencies = yes # Designate hosts by MAC address, not IP address (useful for DHCP networks) use_mac_addr = no #--- Knowledge base saving (can be configured by the client) : # Save the knowledge base on disk : save_knowledge_base = no # Restore the KB for each test : kb_restore = no # Only test hosts whose KB we do not have : only_test_hosts_whose_kb_we_dont_have = no # Only test hosts whose KB we already have : only_test_hosts_whose_kb_we_have = no # KB test replay : kb_dont_replay_scanners = no kb_dont_replay_info_gathering = no kb_dont_replay_attacks = no kb_dont_replay_denials = no kb_max_age = 864000 #--- end of the KB section # Can users upload their plugins ? plugin_upload = no # Suffixes of the plugins the user can upload : plugin_upload_suffixes = .nasl, .inc # Name of the user who can remotely update the plugins admin_user = root # If this option is set, Nessus will not scan a network incrementally # (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to # slice the workload throughout the whole network (ie: it will scan # 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... slice_network_addresses = no # Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') nasl_no_signature_check = no #end. # # Added by nessus-mkcert # cert_file=${PREFIX}/com/CA/servercert.pem key_file=${PREFIX}/var/CA/serverkey.pem ca_file=${PREFIX}/com/CA/cacert.pem # If you decide to protect your private key with a password, # uncomment and change next line # pem_password=password # If you want to force the use of a client certificate, uncomment next line # force_pubkey_auth = yes