kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/nessus-devel/files/nessusd.conf
Jeremy Messenger d63f58bc34 -Update to 2.1.3. 
-Fix handling of default configuration files (nessusd.conf and nessusd.rules)

PR:		ports/71899
Submitted by:	Udo Schweigert <udo.schweigert@siemens.com> (maintainer)
2004-10-14 21:19:43 +00:00

120 lines
3.3 KiB
Text
Raw Blame History

# Configuration file of the Nessus Security Scanner
# Every line starting with a '#' is a comment
# Path to the security checks folder :
plugins_folder = ${PREFIX}/lib/nessus/plugins
# Maximum number of simultaneous hosts tested :
max_hosts = 30
# Maximum number of simultaneous checks against each host tested :
max_checks = 10
# Niceness. If set to 'yes', nessusd will renice itself to 10.
be_nice = no
# Log file (or 'syslog') :
logfile = ${PREFIX}/var/nessus/logs/nessusd.messages
# Shall we log every details of the attack ?
log_whole_attack = yes
# Log the name of the plugins that are loaded by the server ?
log_plugins_name_at_load = no
# Dump file for debugging output, use `-' for stdout
dumpfile = ${PREFIX}/var/nessus/logs/nessusd.dump
# Rules file :
rules = ${PREFIX}/etc/nessus/nessusd.rules
# Users database :
users = ${PREFIX}/etc/nessus/nessusd.users
# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin:/scripts
# Range of the ports the port scanners will scan :
# 'default' means that Nessus will scan ports found in its
# services file.
port_range = default
# Optimize the test (recommanded) :
optimize_test = yes
# Language of the plugins :
language = english
# Optimization :
# Read timeout for the sockets of the tests :
checks_read_timeout = 5
# Ports against which two plugins should not be run simultaneously :
# non_simult_ports = Services/www, 139, Services/finger
non_simult_ports = 139, 445
# Maximum lifetime of a plugin (in seconds) :
plugins_timeout = 320
# Safe checks rely on banner grabbing :
safe_checks = yes
# Automatically activate the plugins that are depended on
auto_enable_dependencies = yes
# Designate hosts by MAC address, not IP address (useful for DHCP networks)
use_mac_addr = no
#--- Knowledge base saving (can be configured by the client) :
# Save the knowledge base on disk :
save_knowledge_base = no
# Restore the KB for each test :
kb_restore = no
# Only test hosts whose KB we do not have :
only_test_hosts_whose_kb_we_dont_have = no
# Only test hosts whose KB we already have :
only_test_hosts_whose_kb_we_have = no
# KB test replay :
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
#--- end of the KB section
# Can users upload their plugins ?
plugin_upload = no
# Suffixes of the plugins the user can upload :
plugin_upload_suffixes = .nasl, .inc
# Name of the user who can remotely update the plugins
admin_user = root
# If this option is set, Nessus will not scan a network incrementally
# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
# slice the workload throughout the whole network (ie: it will scan
# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
slice_network_addresses = no
# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
nasl_no_signature_check = no
#end.
#
# Added by nessus-mkcert
#
cert_file=${PREFIX}/com/CA/servercert.pem
key_file=${PREFIX}/var/CA/serverkey.pem
ca_file=${PREFIX}/com/CA/cacert.pem
# If you decide to protect your private key with a password,
# uncomment and change next line
# pem_password=password
# If you want to force the use of a client certificate, uncomment next line
# force_pubkey_auth = yes
Reference in a new issue View git blame Copy permalink