Manual Reference Pages  -  NESSUS-ADDUSER (8)

NAME

nessus-adduser - add a user in the nessusd userbase

CONTENTS

Synopsis
Description
Rules
See Also
More Information About The Nessus Project
Author
Bugs

SYNOPSIS

nessus-adduser

DESCRIPTION

The Nessus Security Scanner comes with its own user base, which contains the list of who can use the services of nessusd and what restrictions (or rules) each user has.

nessus-adduser is a simple program which will add a user in the proper nessusd configuration files, and will send a signal to nessusd if it is running to notify it of the changes.

The program is straightforward and asks for the following items:
o Login: the login name of the nessusd user to add

o Password: the password that the user will use to connect to nessusd

o Authentication type: the authentication method the client will use. The recommended method is “cipher”. However, if you compiled nessusd without the cipher support or if you are using a Nessus client which does not support the cipher layer, you’ll have to use “plaintext”

o Rules: the set of rules to apply to the user. See below.

RULES

Each user has his own set of rules. Rules are here to restrict the rights of the users. For instance, you can add user “joe” so that he can only test the host “192.168.1.1”, whereas you can add user “bob” so that he can test whatever IP address he wishes.

Each rule fits on one line. A user can have an unlimited number of rules (and can even have no rule at all).

The syntax is:

accept|deny ip/mask
and
default accept|deny

Where mask is the CIDR netmask of the rule.

The default statement must be the last rule and defines the policy of the user.

The following rule set will allow the user to test 192.168.1.0/24, 192.168.3.0/24 and 172.22.0.0/16, but nothing else:

accept 192.168.1.0/24
accept 192.168.3.0/24
accept 172.22.0.0/16
default deny

The following rule set will allow the user to test whatever he wants, except the network 192.168.1.0/24:

deny 192.168.1.0/24
default accept

The keyword client_ip has been defined, and is replaced at run time by the IP address of the nessusd user. For instance, if you want your users to be able to scan only the system they come from, then you want them to have the following ruleset:

accept client_ip
default deny
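
An added example, not part of the man page or of Nessus itself: a small Python model of the rule syntax above, for checking what a rule set permits before entering it in nessus-adduser. The function names are hypothetical; evaluating rules in order with the first match winning, and returning `None` when nothing matches and no default statement is present, are assumptions the man page does not state.

```python
import ipaddress

# Rule sets copied from the examples above.
SUBNETS_ONLY = "accept 192.168.1.0/24\naccept 192.168.3.0/24\naccept 172.22.0.0/16\ndefault deny"
ALL_BUT_ONE = "deny 192.168.1.0/24\ndefault accept"
OWN_HOST_ONLY = "accept client_ip\ndefault deny"

def parse_rules(text):
    """Parse a rule set into (rules, default); rules is a list of (action, target)."""
    rules, default = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words:
            continue  # skip blank lines
        if default is not None:
            raise ValueError(f"line {n}: the default statement must be the last rule")
        if len(words) != 2 or words[0] not in ("accept", "deny", "default"):
            raise ValueError(f"line {n}: not a valid rule: {raw!r}")
        if words[0] == "default":
            if words[1] not in ("accept", "deny"):
                raise ValueError(f"line {n}: default must be accept or deny")
            default = words[1]
        elif words[1] == "client_ip":
            rules.append((words[0], "client_ip"))  # resolved per connection
        else:
            # An address without a mask is treated as a single host.
            rules.append((words[0], ipaddress.ip_network(words[1], strict=False)))
    return rules, default

def is_allowed(rules, default, target_ip, client_ip):
    """True/False for a scan target; None if no rule matches and no default exists."""
    target = ipaddress.ip_address(target_ip)
    for action, net in rules:
        if net == "client_ip":
            net = ipaddress.ip_network(client_ip)  # keyword replaced at run time
        if target in net:
            return action == "accept"  # assumption: first matching rule wins
    return None if default is None else default == "accept"

if __name__ == "__main__":
    # Constructed sample targets and client address.
    for name, text in [("subnets", SUBNETS_ONLY), ("all-but-one", ALL_BUT_ONE),
                       ("own-host", OWN_HOST_ONLY)]:
        rules, default = parse_rules(text)
        for target in ("192.168.1.5", "172.22.9.9", "10.0.0.5"):
            print(name, target, is_allowed(rules, default, target, "10.0.0.5"))
```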

SEE ALSO

nessus-rmuser(8), nessusd(8), nessus(1)

MORE INFORMATION ABOUT THE NESSUS PROJECT

The canonical places where you will find more information about the Nessus project are:
http://www.nessus.org/ (Official site)
http://cvs.nessus.org (Developers site)

AUTHOR

nessus-adduser was quickly written by Renaud Deraison <deraison@cvs.nessus.org>

BUGS

nessus-adduser creates temporary files in $TMPDIR/. If this variable is not set, then it will use /var/tmp, which may be a security risk depending on your configuration.

If you set your TMPDIR variable to /tmp, then you are in trouble.



The Nessus Project NESSUS-ADDUSER (8) April 2000
