merge_kkline:faq [2008/07/31 12:03] (current)
kkline created
Question: How do I perform backend admin functions?
Answer: Log in or su to root and cd to /opt/Inprotect/sbin/. The backend script is nessusCron_1.60.pl; view its usage as follows:
[root@fs1 sbin]# ./nessusCron_1.60.pl
-------------------------------------------------------------------------------------
  NESSUSCRON     ::    Inprotect Job Manager for Nessus    ::    VERSION: 1.64
-------------------------------------------------------------------------------------
        USAGE: ./nessusCron.pl [-cdij:k:l:no:qr:st:u:v:w:h?]
          -d :: Enable Full Debug to Log and Leave Temp Files in Place after scan
          -c :: Process Work in Queue via Nessus Client Mode
          -s :: Process Work in Queue via ScanLite Mode
          -r :: Reset Kill all jobs (REQUIRES ARGUMENT 'yes')
               EX: ./nessusCron.pl -r yes
          -i :: Import Scan Report in nbe format
                -t : TargetFile /Path/Name
                -o : OutFile /Path/Name
                -j : JobType [C|M|R|S] (Cron/Manual/Request/Scheduler)
                -k : JobName
               EX: ./nessusCron.pl -i -t /tmp/targets -o /tmp/nessus_test.out -j C -k "My Server Farm"
          -q :: Queue Subnets for Scanning !!Warning: (gun owners) this is nessus full-auto equiv!!
                -l : [ORG|AUDIT] list available ORG/AUDIT names
                -t : [now|20070101000000] (queue all subnets not scanned since [TIME]
                -o : [ORG] - additional filter subnets queued to only selectED [ORG]
                -n : override default [enabled] scan notifications to [DISABLED]
                -u : [CREDID]  - override default credential id for scanning
                -v : [VSET]    - override defaultVSET for Queue
                -w : [WINAUDIT] /PATH/NAME of Windows Compliance Audit to Run
                      if ( ! $winaudit =~ /^// ) { $winaudit = "$config{winAuditDir)/$winaudit"; }
               EX: ./nessusCron.pl -q -o Finance -t now
               EX: ./nessusCron.pl -q -t now -n -u 31 -v 3 -w FDCC_v90_v2.audit
          -h :: Get This Help
        Nessus Cron is the backend interface to managing scans. nessus cron will provide a number of inprotect functions.
        By default, this should be implemented in scanlite in the following format:
        */1 * * * * /usr/bin/perl /var/www/Eprotect/sbin/nessusCron_1.00.pl -s > /dev/null 2>&1
        Additional Tasks include:
                Queueing all or individual subnet zones based on dt last scanned
                Inprotect Reset
                Import Reports (Typically due to exceeding long scans  failed jobs  etc )
Question: The Running count on the dashboard is "0" but Running Scans has one or more entries.
Answer: The count is determined by counting nessusCron processes, so Apache may not be allowing shell_exec(). Check manually whether there is actually an issue:
    ps -ef | grep nessusCron | grep -v grep | wc -l
That number is the count. Compare it with the number of entries in the browser: if they are within one of each other (the script starts every minute and a process may have no work to do, so Running Scans will be one less), all is well.

Question: A scan kicks off but never shows up under running jobs.
Answer: Likely the DB schema and front-end code are out of sync (a wrong table schema is causing the scan to fail), or a bug exists in the nessusCron backend script. Troubleshoot by running in debug mode:
    ./nessusCron_1.10.pl -d -s

Question: Numerous jobs are in status Running but no nessusCron processes exist, i.e. ps -ef | grep nessusCron | grep -v grep | wc -l returns 0.
Answer: Something is wrong with nessusCron.pl, or a server failed while a scan was running and/or the MySQL database was shut down or restarted. Eventually we will invest in code to detect and prevent this failure by detecting the outage and waiting for the database to come back online. All running scans should be flagged complete/failed through an Inprotect reset:
    ./nessusCron_1.10.pl -r yes

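The process-count check used in the two answers above, written out as a small shell health check. This is an added example, not part of the FAQ or of Inprotect: the ps listing is constructed for the demonstration, while the rules it applies (a difference of one is fine; jobs in status Running with zero nessusCron processes means a reset is needed) are the FAQ's own.

```shell
#!/bin/sh
# Added example, not Inprotect's own code: checks the dashboard "Running" count
# the way the FAQ describes (count nessusCron processes, tolerate a difference
# of one, treat "jobs Running but no processes" as the state cleared by -r yes).

# Constructed `ps -ef` output for the demonstration: two nessusCron workers,
# the grep that is looking for them, and an unrelated Apache process.
SAMPLE_PS='root      1001     1  0 11:58 ?        00:00:00 /usr/sbin/httpd
root      2301  2290  0 12:01 ?        00:00:03 /usr/bin/perl /opt/Inprotect/sbin/nessusCron_1.60.pl -s
root      2355  2290  0 12:02 ?        00:00:01 /usr/bin/perl /opt/Inprotect/sbin/nessusCron_1.60.pl -s
root      2410  2400  0 12:03 pts/0    00:00:00 grep nessusCron'

# count_nessuscron PS_TEXT -> number of nessusCron processes in PS_TEXT.
# This is the FAQ's pipeline; `grep -v grep` drops the grep process itself,
# which would otherwise inflate the count by one.
count_nessuscron() {
    printf '%s\n' "$1" | grep nessusCron | grep -v grep | wc -l | tr -d ' '
}

# check_running_count RUNNING_ENTRIES PROCESS_COUNT -> ok | reset-needed | mismatch
#   RUNNING_ENTRIES: rows in the dashboard's Running Scans list
#   PROCESS_COUNT:   output of count_nessuscron (or of the ps pipeline on the scanner)
check_running_count() {
    entries=$1
    procs=$2
    if [ "$procs" -eq 0 ] && [ "$entries" -gt 0 ]; then
        # Jobs flagged Running with no backend process: the FAQ's crashed-scanner
        # or database-restart case, cleared with ./nessusCron_1.10.pl -r yes
        echo reset-needed
    elif [ $((entries - procs)) -le 1 ] && [ $((procs - entries)) -le 1 ]; then
        # nessusCron starts every minute and a worker may have no work to do,
        # so Running Scans may legitimately be one less than the process count
        echo ok
    else
        # Real disagreement between the database and the scanner; investigate
        echo mismatch
    fi
}

# Stand-alone demonstration on the constructed listing
n=$(count_nessuscron "$SAMPLE_PS")
echo "nessusCron processes: $n"
echo "2 entries, $n processes: $(check_running_count 2 "$n")"
echo "3 entries, 0 processes: $(check_running_count 3 0)"
```

On a live scanner the first function's input would simply be `"$(ps -ef)"`; the constructed listing stands in for it here so the check runs offline.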
Question: How do I queue all subnets for the monthly scans?
Answer:
    ./nessusCron_1.10.pl -q -t now

Question: What about importing reports?
Answer: Importing reports in the current build is really only needed when you have to use a portable node to scan a host and cannot get access to the network from the central node. In that case a manual job is run via the command line using an export of a known profile. The results are written to disk, which can then be brought back to the central node for import into the database.

Question: How do I run compliance audits?
Answer: First you need to have a direct feed. Direct feeds provide access to the following three plugins:
    21156 - Windows Compliance Checks
    21157 - Windows File Contents Compliance Checks
    24760 - Unix Compliance Checks
Additionally you need to upload the audit files to the directories configured via the Inprotect Settings compliance location directory variables. The defaults are:
    Unix checks:     /opt/Inprotect/usr/share/Inprotect/compliance/unix
    Win checks:      /opt/Inprotect/usr/share/Inprotect/compliance/win
    Win File checks: /opt/Inprotect/usr/share/Inprotect/compliance/win_file_contents

Compliance checks must also be enabled under Inprotect Settings. Currently a profile with those checks enabled needs to be selected. Future revisions of compliance checks will automatically filter the available servers list to those with direct feeds only, limit profiles to those with the aforementioned plugins enabled (or automatically append them to the plugin list), and ensure a credential was supplied as part of the validation steps. For now, ensure you set up all the prerequisites.

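How a -w audit name from the usage text is resolved against the compliance directories listed above, as an added shell example. This is not Inprotect's own code (nessusCron does this in Perl, as the one-liner in its usage text shows); the directory defaults are the FAQ's, and the containment check that rejects names escaping the configured directory is an addition for hardening that the page does not describe.

```shell
#!/bin/sh
# Added example, not Inprotect's own code: resolve an audit name the way the
# usage text describes (a relative name is prefixed with the configured
# directory), then additionally require the result to stay inside that directory.

# Default compliance directories from the FAQ (Inprotect Settings variables).
COMPLIANCE_UNIX=/opt/Inprotect/usr/share/Inprotect/compliance/unix
COMPLIANCE_WIN=/opt/Inprotect/usr/share/Inprotect/compliance/win
COMPLIANCE_WIN_FILE=/opt/Inprotect/usr/share/Inprotect/compliance/win_file_contents

# resolve_audit KIND NAME -> prints the full audit path, or returns 1 if rejected
#   KIND: unix | win | win_file      NAME: as it would be given to nessusCron -w
resolve_audit() {
    kind=$1
    name=$2
    case "$kind" in
        unix)     base=$COMPLIANCE_UNIX ;;
        win)      base=$COMPLIANCE_WIN ;;
        win_file) base=$COMPLIANCE_WIN_FILE ;;
        *) echo "unknown audit kind: $kind" >&2; return 1 ;;
    esac
    # Reject an empty name and any parent-directory component, whether it is
    # given as a relative name or hidden inside an absolute path.
    case "/$name/" in
        "//" | *"/../"*) echo "rejected audit name: $name" >&2; return 1 ;;
    esac
    # The usage-text rule: names not starting with "/" get the directory prefixed.
    case "$name" in
        /*) path=$name ;;
        *)  path=$base/$name ;;
    esac
    # Added hardening: whatever was supplied must resolve under the configured
    # compliance directory for that audit kind.
    case "$path" in
        "$base"/*) printf '%s\n' "$path" ;;
        *) echo "audit outside $base: $path" >&2; return 1 ;;
    esac
}

# Stand-alone demonstration (FDCC_v90_v2.audit is the name from the usage text)
resolve_audit win FDCC_v90_v2.audit
resolve_audit win ../other.audit || echo "rejected, as intended"
```

The string check is deliberately done before anything touches the filesystem, so a rejected name never reaches a file open; on a live node you would follow a successful resolution with an existence check on the printed path.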
  