NESSUS-ADDUSER(8)                User Manuals                NESSUS-ADDUSER(8)

NAME

       nessus-adduser - add a user to the nessusd user base

SYNOPSIS

       nessus-adduser

DESCRIPTION

       The Nessus Security Scanner comes with its own user base which contains
       the list of who can use the services of nessusd, and what restrictions
       (or rules) each user has.

       nessus-adduser is a simple program which adds a user to the proper
       nessusd configuration files, and sends a signal to nessusd, if it is
       running, to notify it of the changes.

       The program is straightforward and asks for the following items:

       · Login
              the login name of the nessusd user to add

       · Password
              the password that the user will use to connect to nessusd

       · Authentication type
              the authentication method the client will use. The recommended
              method is “cipher”. However, if you compiled nessusd without
              cipher support or if you are using a Nessus client which does
              not support the cipher layer, you'll have to use “plaintext”.

       · Rules
              the set of rules to apply to the user. See below.

RULES

       Each user has his own set of rules. Rules restrict the rights of the
       users. For instance, you can add user “joe” so that he can only test
       the host “192.168.1.1”, whereas you can add user “bob” so that he can
       test whatever IP address he wishes.

       Each rule fits on one line. A user can have an unlimited number of
       rules (and can even have no rule at all).

       The syntax is:
              accept|deny ip/mask
       and
              default accept|deny

       where mask is the CIDR netmask of the rule.

       The default statement must be the last rule and defines the policy of
       the user.

       The following rule set will allow the user to test 192.168.1.0/24,
       192.168.3.0/24 and 172.22.0.0/16, but nothing else:
              accept 192.168.1.0/24
              accept 192.168.3.0/24
              accept 172.22.0.0/16
              default deny

       The following rule set will allow the user to test whatever he wants,
       except the network 192.168.1.0/24:
              deny 192.168.1.0/24
              default accept

       The keyword client_ip has been defined, and is replaced at run time by
       the IP address of the nessusd user. For instance, if you want your
       users to be able to scan only the system they come from, then you want
       them to have the following rule set:
              accept client_ip
              default deny
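
       A rule set can be checked against the syntax above before it is given
       to nessus-adduser. The following is an added example, not part of the
       original manual or of the Nessus code; parse_rules and decide are
       hypothetical names. The manual does not say which rule wins when an
       accept and a deny overlap, so the checker reports that case instead
       of choosing.

```python
import ipaddress

def parse_rules(text, client_ip):
    """Return (rules, default) for one user's rule set; ValueError if malformed."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    rules, default = [], None
    for idx, words in enumerate(lines, start=1):
        if len(words) != 2:
            raise ValueError(f"rule {idx}: expected two words, got {words}")
        if words[0] == "default":
            if idx != len(lines):
                raise ValueError(f"rule {idx}: default must be the last rule")
            action, target = words[1], None
        else:
            action, target = words
        if action not in ("accept", "deny"):
            raise ValueError(f"rule {idx}: unknown action {action!r}")
        if target is None:
            default = action
        else:
            # client_ip stands for the address the user connects from.
            if target == "client_ip":
                target = client_ip
            # Assumption: a bare address means that single host.
            rules.append((action, ipaddress.ip_network(target, strict=False)))
    return rules, default

def decide(target, rules, default):
    """Return 'accept' or 'deny' for target, or None if nothing applies."""
    addr = ipaddress.ip_address(target)
    hits = {action for action, net in rules if addr in net}
    if len(hits) > 1:
        # Outcome would depend on rule precedence, which is not documented here.
        raise ValueError(f"{target}: overlapping accept and deny rules")
    return hits.pop() if hits else default

# Constructed sample: the first rule set shown in this manual page.
SAMPLE = """\
accept 192.168.1.0/24
accept 192.168.3.0/24
accept 172.22.0.0/16
default deny
"""

if __name__ == "__main__":
    rules, default = parse_rules(SAMPLE, client_ip="10.1.2.3")
    for host in ("192.168.3.7", "172.22.200.1", "192.168.2.1"):
        print(host, decide(host, rules, default))
```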

SEE ALSO

       nessus-rmuser(8), nessusd(8), nessus(1)

MORE INFORMATION ABOUT THE NESSUS PROJECT

       The canonical places where you will find more information about the
       Nessus project are:
              http://www.nessus.org/ (Official site)
              http://cvs.nessus.org (Developers site)

AUTHOR

       nessus-adduser was quickly written by Renaud Deraison
       <deraison@cvs.nessus.org>

BUGS

       nessus-adduser creates temporary files in $TMPDIR/. If this variable
       is not set, then it will use /var/tmp, which may be a security risk
       depending on your configuration.

       If you set your TMPDIR variable to /tmp, then you are in trouble.
The Nessus Project                April 2000                 NESSUS-ADDUSER(8)