192 lines
6.4 KiB
Plaintext
192 lines
6.4 KiB
Plaintext
#
|
|
# Configuration file of the Nessus Security Scanner
|
|
#
|
|
|
|
|
|
# Any line starting with a '#' is a comment and will be
|
|
# ignored by the Nessus Scanner
|
|
|
|
|
|
# Automatic plugins updates - if enabled and Nessus is registered, then
|
|
# fetch the newest plugins from plugins.nessus.org automatically. Disable
|
|
# if the scanner is on an isolated network not able to reach the Internet.
|
|
auto_update = yes
|
|
|
|
# Number of hours to wait between two updates
|
|
auto_update_delay = 24
|
|
|
|
# Maximum number of simultaneous hosts tested :
|
|
max_hosts = 100
|
|
global.max_hosts = 1499
|
|
|
|
# Maximum number of simultaneous checks against each host tested :
|
|
max_checks = 5
|
|
|
|
# Log file :
|
|
logfile = /opt/nessus/var/nessus/logs/nessusd.messages
|
|
|
|
# The maximum number of log files kept on disk.
|
|
# If the number exceeds the value, the oldest log file will be deleted.
|
|
logfile_max_files = 100
|
|
|
|
# Specifies the type of log file rotation applied to the Nessus Log File.
|
|
# Can be 'size' or 'time'
|
|
logfile_rot = size
|
|
|
|
# Specifies the maximum size of the log file in megabytes (MB).
|
|
# If file size exceeds the maximum size, a new log file will be created.
|
|
# This only applies if logfile_rot is set to 'size'
|
|
logfile_max_size = 512
|
|
|
|
# Specifies how many days between log rotations.
|
|
# Every time this amount of time has elapsed, since the service started, a new log file will be created.
|
|
# This only applies if logfile_rot is set to 'time'
|
|
logfile_rotation_time = 1
|
|
|
|
# Web Server (user interface) log file :
|
|
www_logfile = /opt/nessus/var/nessus/logs/www_server.log
|
|
|
|
# Shall we log every details of the attack ? (disk intensive)
|
|
log_whole_attack = no
|
|
|
|
# Dump file for debugging/errors output
|
|
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump
|
|
|
|
# The maximum number of dump files kept on disk.
|
|
# If the number exceeds the value, the oldest dump file will be deleted.
|
|
dumpfile_max_files = 100
|
|
|
|
# Specifies the type of log file rotation applied to the Nessus Dump File.
|
|
# Can be 'size' or 'time'
|
|
dumpfile_rot = size
|
|
|
|
# Specifies the maximum size of the dump file in megabytes (MB).
|
|
# If file size exceeds the maximum size, a new dump file will be created.
|
|
# This only applies if dumpfile_rot is set to 'size'
|
|
dumpfile_max_size = 512
|
|
|
|
# Specifies how many days between dump file rotations.
|
|
# Every time this amount of time has elapsed, since the service started, a new dump file will be created.
|
|
# This only applies if dumpfile_rot is set to 'time'
|
|
dumpfile_rotation_time = 1
|
|
|
|
# Rules file :
|
|
rules = /opt/nessus/etc/nessus/nessusd.rules
|
|
|
|
# CGI paths to check for. Supports colon delimited list
|
|
# e.g., cgi-bin:/cgi-aws:/
|
|
cgi_path = /cgi-bin:/scripts
|
|
|
|
# Range of the ports the port scanners will scan :
|
|
# 'default' means that Nessus will scan ports found in its
|
|
# services file, 'all' will scan 1-65535 or can specify
|
|
# commad-delmited ports or ranges of ports.
|
|
port_range = default
|
|
|
|
# Allow post scan editing (this can be defined in the policy) :
|
|
allow_post_scan_editing = yes
|
|
|
|
# Read timeout for the sockets of the tests :
|
|
checks_read_timeout = 5
|
|
# Ports against which two plugins should not be run simultaneously :
|
|
# non_simult_ports = Services/www, 139, Services/finger
|
|
non_simult_ports = 139, 445, 3389
|
|
# Maximum lifetime of a plugin's activity (in seconds) :
|
|
plugins_timeout = 320
|
|
|
|
|
|
# Safe checks rely on banner grabbing :
|
|
safe_checks = yes
|
|
|
|
|
|
# Automatically activate the plugins that are depended on
|
|
# If disabled, not all plugins may run despite being selected
|
|
# in a scan policy.
|
|
auto_enable_dependencies = yes
|
|
|
|
|
|
# If enabled, the list of plugin dependencies and their output
|
|
# are not included in the report.
|
|
silent_dependencies = yes
|
|
# Save the knowledge base on disk :
|
|
# Can admin users upload plugins?
|
|
plugin_upload = yes
|
|
|
|
|
|
# If this option is set, Nessus will not scan a network incrementally
|
|
# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
|
|
# slice the workload throughout the whole network (ie: it will scan
|
|
# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
|
|
slice_network_addresses = no
|
|
|
|
# IPv4 address to listen for incoming connections :
|
|
listen_address = 0.0.0.0
|
|
|
|
# Source IPs to use when running on a multi-homed host. If multiple
|
|
# IPs are provided, Nessus will cycle through them whenever it performs
|
|
# a new connection
|
|
#source_ip = 192.168.0.1,192.168.0.2
|
|
|
|
# Port for the Nessus Web Server to listen to (new XMLRPC protocol) :
|
|
xmlrpc_listen_port = 8834
|
|
|
|
# XMLRPC Idle Session Timeout (in min) :
|
|
xmlrpc_idle_session_timeout = 30
|
|
|
|
# Make sure compatible SSL ciphers are available when connecting to port
|
|
# 8834. Supports general OpenSSL designations as listed at
|
|
# http://www.openssl.org/docs/apps/ciphers.html.
|
|
#ssl_cipher_list = compatible
|
|
|
|
# Minimum TLS version for the web server :
|
|
ssl_mode = tls_1_2
|
|
|
|
# Disable the new XMLRPC (Web Server) interface :
|
|
disable_xmlrpc = no
|
|
|
|
# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
|
|
nasl_no_signature_check = no
|
|
|
|
# nasl engine output (in nessusd.dump) : none or normal
|
|
nasl_log_type = normal
|
|
|
|
# Network performance settings (These settings should not be changed unless you
|
|
# are absolutely sure you know what they do and how it may impact scan activity!)
|
|
|
|
# If set to non-zero, this defines the maximum number of scans which may take place in parallel :
|
|
global.max_scans = 0
|
|
|
|
# If set to non-zero, this defines the maximum of (web) users who can connect in parallel :
|
|
global.max_web_users = 1024
|
|
|
|
# Maximum of simulteanous TCP sessions between all scans :
|
|
#global.max_simult_tcp_sessions = 2000
|
|
# Maximum of simulteanous TCP sessions per scan :
|
|
#max_simult_tcp_sessions = 200
|
|
# Maximum of simulteanous TCP sessions per scanned host :
|
|
#host.max_simult_tcp_sessions = 20
|
|
|
|
# Reduce the number of TCP session in parallel when the network appears to be congested :
|
|
reduce_connections_on_congestion = no
|
|
# Stop scanning a host which seems to have been disconnected during the scan :
|
|
stop_scan_on_disconnect = no
|
|
# Kill a paused scan after how many minutes (0 for no timeout)
|
|
#paused_scan_timeout = 240
|
|
|
|
# Anonymously report crashes to Tenable. We encourage this to be
|
|
# enabled in order to better debug issues and provide the highest
|
|
# quality software possible. ** No personal or system identifying
|
|
# information is sent. **
|
|
report_crashes = yes
|
|
|
|
# Memory usage
|
|
# You can choose between a lower memory usage ('low') but possibly lower performances
|
|
# or a higher memory usage ('high') and better performance. If you use Nessus on a
|
|
# dedicated system, put 'high' here. Otherwise, put 'low'.
|
|
# Note that putting 'low' will increase the disk usage
|
|
qdb_mem_usage = low
|
|
|
|
|
|
|
|
# EOF
|