Kenneth Kline - 2008-06-20

Compliance Audits is now working on the merge_kkline branch. Obstacles that had to be overcome:

1. Scanlite modules will not run compliance audits currently. Currently do not have the background info to write additional NTP protocol code that will interface with the Nessus server to upload the policy config/settings. Likely difficult to do as Nessus 3 is closed source.

2. Reworked backend code to allow scan jobs to run in scanlite mode or client mode optionally. If scanlite mode is the default, the code will fall back and run client mode in the event a scan job is a compliance audit. Furthermore, compliance audits only provide partial results in the return data to a nessus.out

ex.

normal audit

results|192.168.0|192.168.0.1|general/tcp|12053|Security Note|192.168.0.1 resolves as rt1.kline.lan.\n Risk factor : \n\n Low\n

compliance audit

results|192.168.0|192.168.0.2|general/tcp|21156|Security Note|"Enforce Pasword History": [FAILED]\n\n Remote value: 0\nPolicy Value: [24..4294967295]\n\n

Trick was setting it to have a risk value to pass so didn't have to rewrite other code.

When audit files are specified and plugin 21156/21157/24760 are used will add "Risk factor : \n\n[VALUE]\n" to description as such [VALUE]:
High=[FAILED]
Medium=[ERROR]
Low=[PASSED]

then when the load result routine runs it populates the risk field in nessus_results and removes the risk factor code prior to inserting.

Requirements for a successful compliance audit:

Target Tab
Name job
Specify Targets

Scan Tab
Pick a profile with compliance plugins enabled
Pick a server with a direct feed

Credentials
Pick/enter a valid credential

Compliance
Choose one or more compliance checks from Windows/ Windows File Contents/Unix Checks

Currently, I do not have the option to specify SSH Linux/Unix credentials.
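
The risk-factor mapping described in this comment, sketched as an added Python example (not part of the original comment and not the project's own code). The function names are hypothetical, and it assumes that "\n" in nessus.out is the literal two-character sequence and that the seven pipe-separated fields are laid out as in the two sample lines.

```python
import re

COMPLIANCE_PLUGINS = {"21156", "21157", "24760"}  # plugin IDs named in the comment
STATUS_TO_RISK = {"FAILED": "High", "ERROR": "Medium", "PASSED": "Low"}
STATUS_RE = re.compile(r"\[(FAILED|ERROR|PASSED)\]")
# Assumption: "\n" in nessus.out is a literal backslash followed by "n".
RISK_RE = re.compile(r"Risk factor :(?:\s|\\n)*(\w+)(?:\s|\\n)*")
FIELDS = ("record", "subnet", "host", "port", "plugin_id", "severity", "description")


def parse_result(line):
    """Split one results| line; the description may itself contain '|'."""
    parts = line.rstrip("\r\n").split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS) or parts[0] != "results":
        raise ValueError("not a results line: %r" % line[:40])
    return dict(zip(FIELDS, parts))


def tag_compliance(line):
    """Append a synthetic risk factor to a compliance result (hypothetical helper)."""
    row = parse_result(line)
    status = STATUS_RE.search(row["description"])
    if row["plugin_id"] not in COMPLIANCE_PLUGINS or status is None:
        return line  # normal audit, or no recognisable status: leave untouched
    tag = "Risk factor : \\n\\n%s\\n" % STATUS_TO_RISK[status.group(1)]
    return line.rstrip("\r\n") + tag


def load_result(line):
    """Populate 'risk' from the risk factor text, then strip it from the description."""
    row = parse_result(line)
    match = RISK_RE.search(row["description"])
    row["risk"] = match.group(1) if match else None  # None: no risk text present
    if match:
        row["description"] = RISK_RE.sub("", row["description"], count=1)
    return row


# Sample lines copied from the comment above.
NORMAL = r"results|192.168.0|192.168.0.1|general/tcp|12053|Security Note|192.168.0.1 resolves as rt1.kline.lan.\n Risk factor : \n\n Low\n"
COMPLIANCE = r'results|192.168.0|192.168.0.2|general/tcp|21156|Security Note|"Enforce Pasword History": [FAILED]\n\n Remote value: 0\nPolicy Value: [24..4294967295]\n\n'

if __name__ == "__main__":
    for sample in (NORMAL, COMPLIANCE):
        row = load_result(tag_compliance(sample))
        print(row["host"], row["plugin_id"], row["risk"])
```

A compliance line whose description carries no recognisable status is left untagged and loads with a risk of None, so an unparsed check is not recorded as Low.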