- Nessus compliance checks
- Nessus Compliance Checks for OS X
- only works if you have a Professional Feed license
- configured via ".audit" files
  - XML-like file structure
    - <item>
    - keyword: "value"
    - keyword: "value"
    - SEVERITY: medium
    - </item>
- Compliance check items
  - built-in
    - pwd policy
    - permissions
    - suspicious files
  - custom
    - file contents
    - command execution
    - if-then-else
    - grammar
- examples
  - password-length policy
  - user home dir permissions
  - permissions on a particular file
    - given absolute path
    - <custom_item>...</custom_item>
  - NTP server enabled?
    - look at the content of the /etc/hostconfig file (OS X)
    - a file-content check can only match one line
      - regex: ".*TIMESYNC=.*$"
      - expect: ".*TIMESYNC=-YES-"
    - use another check to inspect the contents of the ntp.conf file
  - what if multiple lines need to be checked?
    - use command execution
      - make a one-line command that produces one line of output
      - inspect that one line
    - type: CMD_EXEC
    - cmd: whatever
    - expect: whatever
    - could be a nasty PERL command to execute!
      - perl -0777 -nle 'if whatever... print \"Disabled\\n\"...
      - expect: Disabled
  - check warning banner for SSH, TELNET, etc. (by inspecting the config file)
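A complete .audit file in the format the notes describe, added here as an example (it is not from the original notes or from Tenable): one FILE_CHECK for permissions on a file at a given absolute path, the single-line FILE_CONTENT_CHECK for TIMESYNC in /etc/hostconfig, and a CMD_EXEC item that collapses a multi-line sshd_config check (warning banner present, root login off) into one line of output. The description strings, the /etc/sshd_config path and the Banner/PermitRootLogin pair are my assumptions; the escaping of quotes and backslashes inside cmd: follows the convention shown in the perl line above.

```text
<check_type: "Unix">

# Permissions on a particular file, given its absolute path (assumed target).
<custom_item>
  type        : FILE_CHECK
  description : "/etc/hostconfig is owned by root and not group/world writable"
  file        : "/etc/hostconfig"
  owner       : "root"
  mode        : "-rw-r--r--"
  severity    : MEDIUM
</custom_item>

# File-content check: one regex/expect pair, so only one line can be tested.
<custom_item>
  type        : FILE_CONTENT_CHECK
  description : "NTP time synchronization is enabled in /etc/hostconfig"
  file        : "/etc/hostconfig"
  regex       : "^TIMESYNC=.*$"
  expect      : "^TIMESYNC=-YES-$"
  severity    : MEDIUM
</custom_item>

# Multi-line check via CMD_EXEC: perl -0777 slurps the whole file, both
# patterns must match somewhere in it, and exactly one line is printed.
# Double quotes and backslashes inside cmd: are escaped for the .audit parser
# (\" for a quote, \\s for the regex \s, \\n for the newline in the output).
# /etc/sshd_config is an assumed path for the OS X release the notes cover.
<custom_item>
  type        : CMD_EXEC
  description : "sshd shows a warning banner and forbids root login"
  cmd         : "/usr/bin/perl -0777 -ne 'print((/^\\s*Banner\\s+\\S+/m && /^\\s*PermitRootLogin\\s+no\\b/m) ? \"Enabled\\n\" : \"Disabled\\n\")' /etc/sshd_config"
  expect      : "Enabled"
  severity    : MEDIUM
</custom_item>

</check_type>
```

Before putting a command into cmd:, run it by hand over SSH on a target host and confirm it prints exactly one line for both the passing and failing configuration; expect: is matched against that single line, and a command that prints nothing or several lines gives an unhelpful result.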
- installation
  - Nessus running with a license
  - enable the plugins like "UNIX Compliance Checks"
  - specify SSH credentials so it can log into the machines
    - user/pwd
    - pub/priv keypairs
    - commands run under sudo
  - Advanced tab: specify the .audit files
  - compliance engine results show up under plugin 21157