Build precise queries to find exactly what you need
Press ESC to close
Join our next live webinar: “Advanced Nagios Monitoring Techniques” – Register Now
Your review has been submitted and is pending approval.
This is a check to download and parse a given Nessus scan (see http://www.tenable.com/products/nessus-vulnerability-scanner) and return the number of critical and high vulnerabilities.
Current Version
Last Release Date
2015-02-20
Owner
Justin Miller
License
GPL
Compatible With
The plugin currently supports setting a threshold against only critical, but I may improve this to set a threshold for high at some point. Performance data is returned, giving critical, high, and medium vulnerabilities. Compatibility: Tested on Nessus 6.2.1. Plugin tested on Ubuntu 12.04 and OSX Darwin. May work on other Linux / UNIX type platforms. Dependancies: Requires the jq json parsing utility. Requires curl. Usage: ./check_nessus_report.sh -h Usage: ./check_nessus_report.sh -s SERVER:PORT -C CREDENTIALS_FILE -t "TARGET_SCAN" -w WARNING_THRESHOLD -c CRITICAL_THRESHOLD CREDENTIALS_FILE should be readable by the user that runs this script, the first line should be username, and second line should be the password. e.g. myNessusUsername myPassword Options: (Required) -s SERVER:PORT (e.g. nessus.mydomain.net:8834 ) -C CREDENTIALS_FILE path (e.g. /etc/.my_creds ) -t TARGET_SCAN (e.g. "My Daily Network Scan" ) (Optional) -w WARNING_THRESHOLD (number of critical vulnerabilities, integer, defaults to 999) -c CRITICAL_THRESHOLD (number of critical vulnerabilities, integer, defaults to 999) -h Display help / usage Example: ./check_nessus_report.sh -s nessus.mydomain.net:8834 -C /etc/.my-credentials -t "My Daily Network Scan" -w 5 -c 10
I modified the end of this to give critical to any critical issues. Then if nothing critical, it checks for any high alerts which outputs as a warning. ########### if [[ $CRIT_VULNS -gt $CRITICAL_THRESHOLD ]]; then echo "CRITICAL - There are $CRIT_VULNS critical and $HIGH_VULNS high vulnerabilities in $TARGET_SCAN. | $PERF_DATA" exit 2 elif [[ $HIGH_VULNS -gt $WARNING_THRESHOLD ]]; then echo "WARNING - There are $CRIT_VULNS critical and $HIGH_VULNS high vulnerabilities in $TARGET_SCAN. | $PERF_DATA" exit 1 else echo "OK - There are $CRIT_VULNS critical and $HIGH_VULNS high vulnerabilities in $TARGET_SCAN. | $PERF_DATA" exit 0 fi echo "UNKNOWN - Check script output" exit 3
You must be logged in to submit a review.
To:
From: