Monday, June 25, 2012

Scanning Auth Overtime



I have a job I am currently working on that requires authenticated scans, and I am sure a number of you may start running into this now that NIST 800-53 requires authenticated scans for High systems.

Now, it's one thing to put credentials into a scanner and say you authenticated, but did the scanner actually authenticate? And what happens when you're scanning a large system and you have hundreds of scan files?

This script checks each scanned host for Nessus plugin ID 21745 (Authentication Failure - Local Checks Not Run). If that plugin fired in any scan report for a given host, you get a line of data for that host (hosts with just a single grey line authenticated in every scan and are good).

As you can see in the image below, if a host failed authentication you can check the chart to see whether you had at least one authenticated scan of it out of your batch, thus meeting the requirement.
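The check the script performs, as an added example in Python that is not the original XMLVulnOTAuthOnly tool: it walks each .nessus (v2 XML) export, flags every ReportHost that carries a ReportItem with pluginID 21745, and then rolls the results up across the whole batch so you can see which hosts never had a single authenticated scan. It also cross-checks plugin 19506 (Nessus Scan Information), on the assumption that its output contains a "Credentialed checks : yes/no" line; the two sample exports embedded below are constructed for illustration, not real scan output.

```python
"""Batch check of .nessus exports for failed authentication.

Added example, not the original XMLVulnOTAuthOnly tool. Assumes the standard
Nessus v2 layout: NessusClientData_v2 / Report / ReportHost / ReportItem with
a pluginID attribute. Plugin 21745 is the failure signal; plugin 19506 is an
extra cross-check (assumed to print "Credentialed checks : yes|no").
"""
import re
import sys
import xml.etree.ElementTree as ET
from collections import defaultdict

AUTH_FAIL_PLUGIN = "21745"   # Authentication Failure - Local Checks Not Run
SCAN_INFO_PLUGIN = "19506"   # Nessus Scan Information
CRED_RE = re.compile(r"Credentialed checks\s*:\s*(yes|no)", re.I)


def parse_report(xml_text):
    """Return {host: (failed, credentialed)} for one .nessus document.

    failed       -> plugin 21745 fired for the host
    credentialed -> True/False from plugin 19506, None if 19506 is absent
    """
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.iter("ReportHost"):
        failed, credentialed = False, None
        for item in host.iter("ReportItem"):
            pid = item.get("pluginID")
            if pid == AUTH_FAIL_PLUGIN:
                failed = True
            elif pid == SCAN_INFO_PLUGIN:
                m = CRED_RE.search(item.findtext("plugin_output") or "")
                if m:
                    credentialed = m.group(1).lower() == "yes"
        results[host.get("name")] = (failed, credentialed)
    return results


def summarize(reports):
    """reports: iterable of (filename, xml_text) pairs.

    Returns {host: {"failed_in": [files], "authenticated_in": [files]}}.
    A host counts as authenticated in a file only when 21745 did not fire
    and 19506 (if present) did not say "Credentialed checks : no".
    """
    summary = defaultdict(lambda: {"failed_in": [], "authenticated_in": []})
    for fname, xml_text in reports:
        for host, (failed, cred) in parse_report(xml_text).items():
            key = "failed_in" if (failed or cred is False) else "authenticated_in"
            summary[host][key].append(fname)
    return dict(summary)


def never_authenticated(summary):
    """Hosts that failed in every scan they appeared in, i.e. the ones that
    do not meet the "at least one authenticated scan" requirement."""
    return sorted(h for h, s in summary.items() if not s["authenticated_in"])


# Constructed sample exports (not real scan output), trimmed to the
# elements the script reads. Host 10.0.0.6 fails in scan 1 but succeeds in
# scan 2; host 10.0.0.7 only ever appears as a failure.
SAMPLE_SCAN_1 = """<?xml version="1.0" ?>
<NessusClientData_v2><Report name="batch-1">
 <ReportHost name="10.0.0.5">
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
     pluginID="19506" pluginName="Nessus Scan Information" pluginFamily="Settings">
   <plugin_output>Credentialed checks : yes</plugin_output>
  </ReportItem>
 </ReportHost>
 <ReportHost name="10.0.0.6">
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
     pluginID="21745" pluginName="Authentication Failure - Local Checks Not Run"
     pluginFamily="Settings"><plugin_output>constructed output</plugin_output>
  </ReportItem>
 </ReportHost>
</Report></NessusClientData_v2>"""

SAMPLE_SCAN_2 = """<?xml version="1.0" ?>
<NessusClientData_v2><Report name="batch-2">
 <ReportHost name="10.0.0.6">
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
     pluginID="19506" pluginName="Nessus Scan Information" pluginFamily="Settings">
   <plugin_output>Credentialed checks : yes</plugin_output>
  </ReportItem>
 </ReportHost>
 <ReportHost name="10.0.0.7">
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
     pluginID="21745" pluginName="Authentication Failure - Local Checks Not Run"
     pluginFamily="Settings"><plugin_output>constructed output</plugin_output>
  </ReportItem>
 </ReportHost>
</Report></NessusClientData_v2>"""


if __name__ == "__main__":
    # Usage: python nessus_auth_check.py *.nessus   (falls back to samples)
    if len(sys.argv) > 1:
        reports = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]]
    else:
        reports = [("scan1.nessus", SAMPLE_SCAN_1), ("scan2.nessus", SAMPLE_SCAN_2)]
    summary = summarize(reports)
    for host in sorted(summary):
        print(host, "failed_in=%s" % summary[host]["failed_in"],
              "authenticated_in=%s" % summary[host]["authenticated_in"])
    print("never authenticated:", never_authenticated(summary))
```

Two caveats worth keeping in mind when you rely on this: the absence of 21745 by itself only tells you the scanner did not report a login failure, which is why the 19506 output is checked as well, and a host that was scanned without any credentials configured will show neither plugin and still be counted as "authenticated" here. Files coming out of a large batch can be hundreds of megabytes each, so if memory becomes the problem the author describes, swap the ET.fromstring call for ET.iterparse and discard each ReportHost after it is processed.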

As always I hope this is helpful.

Oh, and I find that once I get over, say, 50 .nessus files, you need to allocate more memory to Java on the command line, so you can use a line something like this:

java -Xms32m -Xmx1024m XMLVulnOTAuthOnly *.nessus > AuthFailed.[xls/html]


