Database Configuration Command Line Examples
This section provides some examples of common audits used for database compliance checks. The nasl command line binary is used as a quick means of testing audits on the fly. Each of the .audit files demonstrated below can easily be dropped into your scan policies. For quick audits of one system, however, command-line tests are more efficient. The command will be executed each time from the /opt/nessus/bin directory as follows:
# ./nasl -t <IP> /opt/nessus/lib/nessus/plugins/database_compliance_check.nbin
The <IP> is the IP address of the system to be audited.
Depending on the type of database being audited you may be prompted for other parameters beyond the audit file to be used. For example, Oracle audits will prompt for the database SID and the Oracle login type:
Which file contains your security policy : oracle.audit
login : admin
Password :
Database type: ORACLE(0), SQL Server(1), MySQL(2), DB2(3), Informix/DRDA(4), PostgreSQL(5)
type : 0
sid: oracle
Oracle login type: NORMAL (0), SYSOPER (1), SYSDBA (2)
type: 2
Consult with your database administrator for the correct database login parameters.
Example 1: Search for logins with no expiration date