the login name of the nessusd user to add
the password that the user will use to connect to
o Authentication type
the authentication method the client will use. The recommended method is cipher. However, if you compiled nessusd without the cipher support or if you are using a Nessus client which does not support the cipher layer, you'll have to use plaintext.
the set of rules to apply to the user. See below.
Each user has his own set of rules. Rules are here to restrict the rights of the users. For instance, you can add user joe so that he can only test the host 192.168.1.1, whereas you can add user bob so that he can test whatever IP address he wishes.
Each rule fits on one line. A user can have an unlimited number of rules (and can even have no rule at all).
The syntax is:
    accept|deny ip/mask
and
    default accept|deny
Where mask is the CIDR netmask of the rule.
The default statement must be the last rule and defines the policy of the user.
The following rule set will allow the user to test 192.168.1.0/24, 192.168.3.0/24 and 172.22.0.0/16, but nothing else:
    accept 192.168.1.0/24
The following rule set will allow the user to test whatever he wants, except the network 192.168.1.0/24:
    deny 192.168.1.0/24
The keyword client_ip has been defined, and is replaced at run time by the IP address of the nessusd user. For instance, if you want your users to be able to scan only the system they come from, then you want them to have the following ruleset:
    accept client_ip
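The rule syntax and the three rule sets described above, as an added example (not part of the Nessus man page or of nessusd's own code): a small Python evaluator that parses a rule set, enforces that the default statement comes last, substitutes client_ip, and decides whether a target may be tested. The rule sets are written out from the prose descriptions; first-match evaluation, the function names and the client address 10.0.0.5 are assumptions.

```python
import ipaddress

ACTIONS = ("accept", "deny")

def parse_rules(text, client_ip):
    """Parse one user's rule set into ([(action, network)], default_action)."""
    rules, default = [], None
    for n, line in enumerate(text.strip().splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if default is not None:
            raise ValueError(f"line {n}: the default statement must be the last rule")
        if len(fields) != 2:
            raise ValueError(f"line {n}: expected two fields, got {line!r}")
        keyword, value = fields
        if keyword == "default" and value in ACTIONS:
            default = value
        elif keyword in ACTIONS:
            # client_ip is replaced at run time by the connecting user's address
            target = client_ip if value == "client_ip" else value
            rules.append((keyword, ipaddress.ip_network(target, strict=False)))
        else:
            raise ValueError(f"line {n}: unknown rule {line!r}")
    return rules, default

def decide(text, client_ip, target_ip):
    """Return 'accept', 'deny', or None when nothing matches and no default is set."""
    rules, default = parse_rules(text, client_ip)
    addr = ipaddress.ip_address(target_ip)
    for action, network in rules:  # assumption: first matching rule wins
        if addr in network:
            return action
    return default

# Rule sets constructed from the three descriptions on this page
ONLY_LISTED = """accept 192.168.1.0/24
accept 192.168.3.0/24
accept 172.22.0.0/16
default deny"""
ALL_BUT_ONE = "deny 192.168.1.0/24\ndefault accept"
OWN_HOST = "accept client_ip\ndefault deny"

if __name__ == "__main__":
    client = "10.0.0.5"  # constructed client address
    for name, rs in (("ONLY_LISTED", ONLY_LISTED), ("ALL_BUT_ONE", ALL_BUT_ONE), ("OWN_HOST", OWN_HOST)):
        for target in ("192.168.1.7", "172.22.9.1", "10.0.0.5", "8.8.8.8"):
            print(f"{name:12} {target:12} -> {decide(rs, client, target)}")
```

The evaluator returns None for a rule set with no default statement, because the page does not say what policy applies in that case.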
The canonical places where you will find more information about the Nessus project are:
http://www.nessus.org/ (Official site)
http://cvs.nessus.org (Developers site)
nessus-adduser was quickly written by Renaud Deraison <email@example.com>
nessus-adduser creates temporary files in $TMPDIR/. If this variable is not set, then it will use /var/tmp, which may be a security risk depending on your configuration.
If you set your TMPDIR variable to /tmp, then you are in trouble.
The Nessus Project    NESSUS-ADDUSER (8)    April 2000