Nessus Compliance Check Enhancements
Tenable has received many requests to extend the API for the agent-less Nessus compliance checks. In response to our customers, we've added several new functions to the compliance plugins which are immediately available to all Security Center and Direct Feed users. The documentation for these new APIs has been updated here, and this post describes the new APIs available for UNIX and Windows configuration auditing.
For the Windows operating system, Nessus can now perform the following checks:
- FILE_CHECK - tests for the presence of a specific file
- REG_CHECK - tests for the presence of a specific registry entry
- FILE_CONTENT_CHECK - test for the presence of specific content in a given text file
- FILE_CONTENT_CHECK_NOT - test for the lack of presence of specific content in a given text file
For example, to test for the presence of a given file on Windows systems, consider the following:
<custom_item>
type : FILE_CHECK
description: "Check the file win.ini exist"
value_type : POLICY_TEXT
value_data : "%SystemRoot%\win.ini"
file_option: MUST_EXIST
</item>
This text would cause Nessus 3 to search for the file win.ini under the %SystemRoot% directory and report a PASS (informational severity) if the file existed or a FAIL (severity reported as a hole) if it didn't exist.
In addition to these checks for Windows systems, the API for UNIX operating systems was extended to perform checks against the MD5 values of specific files. Here is an example setting:
<custom_item>
type : FILE_CHECK
description: "/etc/passwd has the proper md5"
required : YES
file : "/etc/passwd"
md5 : "c1b38ca2f4656d91041b24b3fb762b7a"
</custom_item>
This tests the file /etc/passwd for a specific MD5 value and alerts if it changes.
Tenable will shortly begin to take advantage of these APIs in the next few updates and additions to the current set of compliance audit files available to customers. There were no changes to the existing APIs and none of the current audit files need to be modified or updated.
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
August 13, 2024Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
August 13, 2024Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
- Nessus