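#
# Configuration file of the Nessus Security Scanner
#
# Any line starting with a '#' is a comment and will be
# ignored by the Nessus Scanner
#
# NOTE(review): every setting is on its own line and every comment on a
# line of its own. When the file is collapsed so that settings follow a
# '#' on the same line, those settings are read as comment text and ignored.

# Automatic plugins updates - if enabled and Nessus is registered, then
# fetch the newest plugins from plugins.nessus.org automatically. Disable
# if the scanner is on an isolated network not able to reach the Internet.
auto_update = yes

# Number of hours to wait between two updates
auto_update_delay = 24

# Maximum number of simultaneous hosts tested :
max_hosts = 100

# NOTE(review): presumably the cap on simultaneous hosts across all running
# scans, with max_hosts above as the per-scan limit - confirm against the
# documentation for the installed version.
global.max_hosts = 1499

# Maximum number of simultaneous checks against each host tested :
max_checks = 5

# Log file :
# NOTE(review): scanner logs and dumps can hold target addresses and scan
# details; keep the log directory readable only by the scanner account and
# administrators.
logfile = /opt/nessus/var/nessus/logs/nessusd.messages

# The maximum number of log files kept on disk.
# If the number exceeds the value, the oldest log file will be deleted.
logfile_max_files = 100

# Specifies the type of log file rotation applied to the Nessus Log File.
# Can be 'size' or 'time'
logfile_rot = size

# Specifies the maximum size of the log file in megabytes (MB).
# If file size exceeds the maximum size, a new log file will be created.
# This only applies if logfile_rot is set to 'size'
logfile_max_size = 512

# Specifies how many days between log rotations.
# Every time this amount of time has elapsed, since the service started, a new log file will be created.
# This only applies if logfile_rot is set to 'time'
logfile_rotation_time = 1

# Web Server (user interface) log file :
www_logfile = /opt/nessus/var/nessus/logs/www_server.log

# Shall we log every detail of the attack ? (disk intensive)
log_whole_attack = no

# Dump file for debugging/errors output
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump

# The maximum number of dump files kept on disk.
# If the number exceeds the value, the oldest dump file will be deleted.
dumpfile_max_files = 100

# Specifies the type of log file rotation applied to the Nessus Dump File.
# Can be 'size' or 'time'
dumpfile_rot = size

# Specifies the maximum size of the dump file in megabytes (MB).
# If file size exceeds the maximum size, a new dump file will be created.
# This only applies if dumpfile_rot is set to 'size'
dumpfile_max_size = 512

# Specifies how many days between dump file rotations.
# Every time this amount of time has elapsed, since the service started, a new dump file will be created.
# This only applies if dumpfile_rot is set to 'time'
dumpfile_rotation_time = 1

# Rules file :
rules = /opt/nessus/etc/nessus/nessusd.rules

# CGI paths to check for. Supports colon delimited list
# e.g., cgi-bin:/cgi-aws:/
cgi_path = /cgi-bin:/scripts

# Range of the ports the port scanners will scan :
# 'default' means that Nessus will scan ports found in its
# services file, 'all' will scan 1-65535 or can specify
# comma-delimited ports or ranges of ports.
port_range = default

# Allow post scan editing (this can be defined in the policy) :
allow_post_scan_editing = yes

# Read timeout for the sockets of the tests :
checks_read_timeout = 5

# Ports against which two plugins should not be run simultaneously :
# non_simult_ports = Services/www, 139, Services/finger
non_simult_ports = 139, 445, 3389

# Maximum lifetime of a plugin's activity (in seconds) :
plugins_timeout = 320

# Safe checks rely on banner grabbing :
safe_checks = yes

# Automatically activate the plugins that are depended on
# If disabled, not all plugins may run despite being selected
# in a scan policy.
auto_enable_dependencies = yes

# If enabled, the list of plugin dependencies and their output
# are not included in the report.
silent_dependencies = yes

# Save the knowledge base on disk :
# NOTE(review): no setting follows the comment above in this file.

# Can admin users upload plugins?
# Uploaded plugins are run by the scan engine; set to 'no' when custom
# plugins are not in use, and keep nasl_no_signature_check at 'no'.
plugin_upload = yes

# If this option is set, Nessus will not scan a network incrementally
# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
# slice the workload throughout the whole network (ie: it will scan
# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...)
slice_network_addresses = no

# IPv4 address to listen for incoming connections :
# 0.0.0.0 accepts connections on every IPv4 interface. Bind to the
# management address, or filter port 8834 at the host firewall, if the web
# interface should not be reachable from all attached networks.
listen_address = 0.0.0.0

# Source IPs to use when running on a multi-homed host. If multiple
# IPs are provided, Nessus will cycle through them whenever it performs
# a new connection
#source_ip = 192.168.0.1,192.168.0.2

# Port for the Nessus Web Server to listen to (new XMLRPC protocol) :
xmlrpc_listen_port = 8834

# XMLRPC Idle Session Timeout (in min) :
xmlrpc_idle_session_timeout = 30

# Make sure compatible SSL ciphers are available when connecting to port
# 8834. Supports general OpenSSL designations as listed at
# http://www.openssl.org/docs/apps/ciphers.html.
#ssl_cipher_list = compatible

# Minimum TLS version for the web server :
ssl_mode = tls_1_2

# Disable the new XMLRPC (Web Server) interface :
disable_xmlrpc = no

# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
nasl_no_signature_check = no

# nasl engine output (in nessusd.dump) : none or normal
nasl_log_type = normal

# Network performance settings (These settings should not be changed unless you
# are absolutely sure you know what they do and how it may impact scan activity!)

# If set to non-zero, this defines the maximum number of scans which may take place in parallel :
global.max_scans = 0

# If set to non-zero, this defines the maximum of (web) users who can connect in parallel :
global.max_web_users = 1024

# Maximum of simultaneous TCP sessions between all scans :
#global.max_simult_tcp_sessions = 2000

# Maximum of simultaneous TCP sessions per scan :
#max_simult_tcp_sessions = 200

# Maximum of simultaneous TCP sessions per scanned host :
#host.max_simult_tcp_sessions = 20

# Reduce the number of TCP session in parallel when the network appears to be congested :
reduce_connections_on_congestion = no

# Stop scanning a host which seems to have been disconnected during the scan :
stop_scan_on_disconnect = no

# Kill a paused scan after how many minutes (0 for no timeout)
#paused_scan_timeout = 240

# Anonymously report crashes to Tenable. We encourage this to be
# enabled in order to better debug issues and provide the highest
# quality software possible. ** No personal or system identifying
# information is sent. **
report_crashes = yes

# Memory usage
# You can choose between a lower memory usage ('low') but possibly lower performances
# or a higher memory usage ('high') and better performance. If you use Nessus on a
# dedicated system, put 'high' here. Otherwise, put 'low'.
# Note that putting 'low' will increase the disk usage
qdb_mem_usage = low

# EOF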