Recently Viewed Topics
The "info" Field
info field can be used to label each audit field with one or more external references. For example, this field
will be used to place references from NIST CCE tags as well as CIS specific audit requirements. These external references are
printed out in the final audit performed by Nessus and will be displayed in the Nessus report or through the SecurityCenter
Following is an example password audit policy that has been augmented to list references to a fictitious corporate policy:
description: "Password History: 24 passwords remembered"
value_data: [22..MAX] || 20
info: "Corporate Policy 102-A"
If multiple policy references are required for a single audit, the string specified by the
info keyword can make use of the
\n separator to specify multiple strings. For example, consider the following audit:
description: "Accounts: Rename Administrator account"
info: 'Ron Gula Mambo Number 5\nCCE-60\nTenable Best Practices Policy 1005-a'
When run with the nasl command line tool, this audit function produces the following output:
# /opt/nessus/bin/nasl -t 192.168.20.16 ./compliance_check.nbin
Windows Compliance Checks, version 2.0.0
Which file contains your security policy : ./test_v2.audit
SMB login : Administrator
SMB password :
SMB domain (optional) :
"Accounts: Rename Administrator account": [FAILED]
Ron Gula Mambo Number 5
Tenable Best Practices Policy 1005-a
Remote value: "Administrator"
Policy value: "administrator"