TOC & Recently Viewed

Recently Viewed Topics

The "info" Field

The optional info field can be used to label each audit field with one or more external references. For example, this field will be used to place references from NIST CCE tags as well as CIS specific audit requirements. These external references are printed out in the final audit performed by Nessus and will be displayed in the Nessus report or through the SecurityCenter user interface.

Following is an example password audit policy that has been augmented to list references to a fictitious corporate policy:



description: "Password History: 24 passwords remembered"

value_type: POLICY_DWORD

value_data: [22..MAX] || 20


info: "Corporate Policy 102-A"


If multiple policy references are required for a single audit, the string specified by the info keyword can make use of the \n separator to specify multiple strings. For example, consider the following audit:



description: "Accounts: Rename Administrator account"

value_type: POLICY_TEXT

value_data: "Administrator"


check_type: CHECK_NOT_EQUAL

info: 'Ron Gula Mambo Number 5\nCCE-60\nTenable Best Practices Policy 1005-a'


When run with the nasl command line tool, this audit function produces the following output:

# /opt/nessus/bin/nasl -t ./compliance_check.nbin

Windows Compliance Checks, version 2.0.0

Which file contains your security policy : ./test_v2.audit

SMB login : Administrator

SMB password :

SMB domain (optional) :

"Accounts: Rename Administrator account": [FAILED]

Ron Gula Mambo Number 5


Tenable Best Practices Policy 1005-a

Remote value: "Administrator"

Policy value: "administrator"

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.