Security

Check Nessus Scans

Write a Review

Description:

This is a check to download and parse a given Nessus scan (see http://www.tenable.com/products/nessus-vulnerability-scanner) and return the number of critical and high vulnerabilities.

Current Version

Last Release Date

2015-02-20

Compatible With

  • Nagios 3.x
  • Nagios 4.x

Owner

Justin Miller

License

GPL

Copy Page Link Recommend Login to Add to Favorites
Project Files
FileDescription
check_nessus_report.sh
Project Notes
The plugin currently supports setting a threshold against only critical, but I may improve this to set a threshold for high at some point. Performance data is returned, giving critical, high, and medium vulnerabilities. Compatibility: Tested on Nessus 6.2.1. Plugin tested on Ubuntu 12.04 and OSX Darwin. May work on other Linux / UNIX type platforms. Dependancies: Requires the jq json parsing utility. Requires curl. Usage: ./check_nessus_report.sh -h Usage: ./check_nessus_report.sh -s SERVER:PORT -C CREDENTIALS_FILE -t "TARGET_SCAN" -w WARNING_THRESHOLD -c CRITICAL_THRESHOLD CREDENTIALS_FILE should be readable by the user that runs this script, the first line should be username, and second line should be the password. e.g. myNessusUsername myPassword Options: (Required) -s SERVER:PORT (e.g. nessus.mydomain.net:8834 ) -C CREDENTIALS_FILE path (e.g. /etc/.my_creds ) -t TARGET_SCAN (e.g. "My Daily Network Scan" ) (Optional) -w WARNING_THRESHOLD (number of critical vulnerabilities, integer, defaults to 999) -c CRITICAL_THRESHOLD (number of critical vulnerabilities, integer, defaults to 999) -h Display help / usage Example: ./check_nessus_report.sh -s nessus.mydomain.net:8834 -C /etc/.my-credentials -t "My Daily Network Scan" -w 5 -c 10
Reviews (1) Add a Review
Nice work :) Slight Critical/Warning Modification
by utahluge, February 28, 2017

I modified the end of this to give critical to any critical issues. Then if nothing critical, it checks for any high alerts which outputs as a warning. ########### if [[ $CRIT_VULNS -gt $CRITICAL_THRESHOLD ]]; then echo "CRITICAL - There are $CRIT_VULNS critical and $HIGH_VULNS high vulnerabilities in $TARGET_SCAN. | $PERF_DATA" exit 2 elif [[ $HIGH_VULNS -gt $WARNING_THRESHOLD ]]; then echo "WARNING - There are $CRIT_VULNS critical and $HIGH_VULNS high vulnerabilities in $TARGET_SCAN. | $PERF_DATA" exit 1 else echo "OK - There are $CRIT_VULNS critical and $HIGH_VULNS high vulnerabilities in $TARGET_SCAN. | $PERF_DATA" exit 0 fi echo "UNKNOWN - Check script output" exit 3


Add a Review

You must be logged in to submit a review.

Thank you for your review!

Your review has been submitted and is pending approval.

Recommend

To:


From:


Thank you for your recommendation!

Your recommendation has been sent.

Page Sections
Project Overview Project Files Project Notes Reviews
Project Stats
Rating
5 (2)
Favorites
0
Views
14,058