Command Line Examples

This section provides some examples of common audits used for Cisco iOS compliance checks. The nasl command line binary is used as a quick means of testing audits on the fly. Each of the .audit files demonstrated below can easily be dropped into your Nessus scan policies. For quick audits of one system, however, command-line tests are more efficient. The command will be executed each time from the /opt/nessus/bin directory as follows:

# ./nasl -t <IP> /opt/nessus/lib/nessus/plugins/cisco_compliance_check.nbin

where <IP> is the IP address of the system to be audited.

The “enable” password is requested:

Which file contains your security policy ? cisco_test.audit

SSH login to connect with : admin

How do you want to authenticate ? (key or password) [password]

SSH password :

Enter the 'enable' password to use :

Consult your Cisco administrator for the correct “enable” login parameters.

This section includes the following information: