# Configuration file of the Nessus Security Scanner

# Every line starting with a '#' is a comment

# Path to the security checks folder : 
plugins_folder = /usr/lib/nessus/plugins

# User email (deprecated) : 
email = root@localhost

# Maximum number of simultaneous tests : 
max_threads = 10

# Log file (or 'syslog') : 
logfile = /var/log/nessus/nessusd.messages

# Shall we log every details of the attack ?
log_whole_attack = yes

# Dump file for debugging output, use `-' for stdout
dumpfile = /var/log/nessus/nessusd.dmp

# Rules file : 
rules = /etc/nessus/nessusd.rules

# Users database : 
users = /etc/nessus/nessusd.users

# Remote file plugins will attempt to read (deprecated) : 
test_file = /etc/passwd

# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin

# Deprecated options : 
ping_hosts = yes
reverse_lookup = no
host_expansion = ip

# Range of the ports nmap will scan : 
port_range = 1-15000

# Maximum number of hosts tested : 
max_hosts = 1

# Optimize the test (recommanded) : 
optimize_test = yes

# Language of the plugins : 
language = english

# Crypto options : 
negot_timeout = 600
peks_username = nessusd
peks_keylen = 1024
peks_keyfile = /etc/nessus/nessusd.private-keys
peks_usrkeys = /etc/nessus/nessusd.user-keys
peks_pwdfail = 5
track_iothreads = yes
cookie_logpipe = /etc/nessus/nessusd.logpipe
cookie_logpipe_suptmo = 2

#
# Tests optimization : 
#
# Read timeout for the sockets of the tests : 
checks_read_timeout = 15

# Time to wait for between two tests against the same port, in seconds (to be inetd friendly) : 
delay_between_tests = 1

cert_file=/etc/nessus/ssl/servercert.pem
key_file=/etc/nessus/CA/serverkey.pem
ca_file=/etc/nessus/ssl/cacert.pem

# If you decide to protect your private key with a password, 
# uncomment and change next line
# pem_password=password
# If you want to force the use of a client certificate, uncomment next line
# force_pubkey_auth = yes

#end