Content-type: text/html
Man page of NESSUS-ADDUSER
NESSUS-ADDUSER
Section: User Manuals (8)
Updated: April 2000
Index
Return to Main Contents
NAME
nessus-adduser - add a user in the nessusd userbase
SYNOPSIS
nessus-adduser
DESCRIPTION
The
Nessus Security Scanner
comes with its own user base which contains the list of who can
use the services of
nessusd,
and what restriction (or
rules)
each user has.
nessus-adduser
is a simple program which will add a user in the proper
nessusd
configuration files, and will send a signal to
nessusd
if it is running to notify it of the changes.
The program is straightforward and asks for the following items:
- • Login
-
the login name of the
nessusd
user to add
- • Password
-
the password that the user will use to connect to
nessusd
- • Authentification type
-
the authentification method the client will use. The recommended
method is ``cipher''. However, if you compiled
nessusd
without the
cipher support or if you are using a Nessus client which does not
support the cipher layer, you'll have to use ``plaintext''
- • Rules
-
the set of rules to apply to the user. See below.
RULES
Each user has his own set of rules. Rules are here to restrict
the rights of the users. For instance, you can add user ``joe'' so
that he can only test the host ``192.168.1.1'', whereas you can
add user ``bob'' so that he can test whatever IP address he wishes.
Each rule fits on one line. A user can have an unlimited amount of
rules (and can even have no rule at all).
The syntax is:
-
accept|deny ip/mask
and
-
default accept|deny
Where
mask
is the CIDR netmask of the rule.
The
default
statement must be the last rule and defines the policy of the user.
The following rule set will allow the user to test 192.168.1.0/24,
192.168.3.0/24 and 172.22.0.0/16, but nothing else:
-
accept 192.168.1.0/24
accept 192.168.3.0/24
accept 172.22.0.0/16
default deny
The following rule set will allow the user to test whatever he wants,
except the network 192.168.1.0/24:
-
deny 192.168.1.0/24
default accept
The keyword
client_ip
has been defined, and is replaced at run time by the IP address
of the
nessusd
user. For instance, if you want your users to be able
to only be able to scan the system they come from, then you want
them to have the following ruleset:
-
accept client_ip
default deny
SEE ALSO
nessus-rmuser(8), nessusd(8), nessus(1)
MORE INFORMATION ABOUT THE NESSUS PROJECT
The canonical places where you will find more information
about the Nessus project are:
-
http://www.nessus.org/
(Official site)
http://cvs.nessus.org
(Developers site)
AUTHOR
nessus-adduser
was quickly written by Renaud Deraison <deraison@cvs.nessus.org>
BUGS
nessus-adduser
creates temporary files in
$TMPDIR/.
If this variable is not
set, then it will use
/var/tmp
which may be a security risk
depending of your configuration.
If you set your TMPDIR variable to
/tmp,
then you are in trouble.
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- RULES
-
- SEE ALSO
-
- MORE INFORMATION ABOUT THE NESSUS PROJECT
-
- AUTHOR
-
- BUGS
-
This document was created by
man2html,
using the manual pages.
Time: 04:17:50 GMT, September 24, 2010