Unix Compliance Check Global Settings

This section describes global settings for Unix audit files, which you can set in Tenable Nessus or Tenable Vulnerability Management. If you have multiple audit files in the scan or policy, the global setting applies to all Unix audit files. If you want to use different settings for different audits, create a separate scan or policy for each one.

To access global settings in Tenable Nessus or Tenable Vulnerability Management:

In a scan or policy, open the Compliance tab.
In the Categories drop-down box, select Unix.

Tenable Nessus displays a list of Unix audit files, or you can upload a custom Unix audit file.
Select any Unix audit file to add to the scan or policy.
Edit the Global Settings.

Docker Scan Scope

This setting controls whether the plugin runs audits against the host, docker containers on the host, or both.

Setting	Description
Only scan host (default)	Evaluates audit files against the host only. When scanning non-docker hosts, performance is not negatively impacted.
Only scan containers	Evaluates audit files against all active docker containers. Note: If you use this setting and run a scan against a non-docker host, Tenable Nessus does not scan the host.
Scan host and containers	Evaluates audit files against both the host and all active docker containers.

Setting

Description

Only scan host (default)

Evaluates audit files against the host only.

When scanning non-docker hosts, performance is not negatively impacted.

Only scan containers

Evaluates audit files against all active docker containers.

Note: If you use this setting and run a scan against a non-docker host, Tenable Nessus does not scan the host.

Scan host and containers

Evaluates audit files against both the host and all active docker containers.