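# Configuration file of the Nessus Security Scanner
# Every line starting with a '#' is a comment.
# One "key = value" setting per line; comments go on their own line.
#
# NOTE(review): this file names private-key files and may hold a key
# passphrase (see pem_password below), so it should be writable and
# readable only by the account that runs the scanner daemon.

# Path to the security checks folder:
plugins_folder = /usr/lib/nessus/plugins

# User email (deprecated):
email = root@localhost

# Maximum number of simultaneous tests:
max_threads = 10

# Log file (or 'syslog'):
logfile = /var/log/nessus/nessusd.messages

# Log every detail of the attack?
# With this set to yes the log describes each test run against each target,
# so the log file and any dump file are as sensitive as the scan report:
# keep /var/log/nessus restricted and include it in log rotation/retention.
log_whole_attack = yes

# Dump file for debugging output, use `-' for stdout
dumpfile = /var/log/nessus/nessusd.dmp

# Rules file:
rules = /etc/nessus/nessusd.rules

# Users database:
users = /etc/nessus/nessusd.users

# Remote file plugins will attempt to read (deprecated):
test_file = /etc/passwd

# CGI paths to check for (a colon-separated list such as
# cgi-bin:/cgi-aws:/ is accepted)
cgi_path = /cgi-bin

# Deprecated options:
ping_hosts = yes
reverse_lookup = no
host_expansion = ip

# Range of the ports nmap will scan.
# Services listening above port 15000 are not covered by this range, so a
# clean result says nothing about them.
port_range = 1-15000

# Maximum number of hosts tested:
max_hosts = 1

# Optimize the test (recommended):
optimize_test = yes

# Language of the plugins:
language = english

# Crypto options:
negot_timeout = 600
peks_username = nessusd
# NOTE(review): presumably a key length in bits - if so, 1024 is below the
# 2048-bit minimum generally recommended today; confirm against the
# scanner version in use before relying on this channel.
peks_keylen = 1024
# Private-key and user-key stores: restrict to the daemon's account.
peks_keyfile = /etc/nessus/nessusd.private-keys
peks_usrkeys = /etc/nessus/nessusd.user-keys
# NOTE(review): looks like the number of failed password attempts
# tolerated - confirm the exact semantics in the scanner documentation.
peks_pwdfail = 5
track_iothreads = yes
cookie_logpipe = /etc/nessus/nessusd.logpipe
cookie_logpipe_suptmo = 2

#
# Tests optimization:
#
# Read timeout for the sockets of the tests:
checks_read_timeout = 15

# Time to wait between two tests against the same port, in seconds
# (to be inetd friendly):
delay_between_tests = 1

# TLS material for the daemon: server certificate, server private key and
# the CA certificate. key_file is the private key; it should not be
# readable by any account other than the one running the daemon.
cert_file = /etc/nessus/ssl/servercert.pem
key_file = /etc/nessus/CA/serverkey.pem
ca_file = /etc/nessus/ssl/cacert.pem

# If you decide to protect your private key with a password,
# uncomment and change next line.
# The passphrase is then stored here in clear text, which makes this
# file's permissions part of the key's protection.
# pem_password=password

# If you want to force the use of a client certificate, uncomment next line.
# NOTE(review): while this stays commented out, client-certificate
# authentication is not enforced - confirm that is intended.
# force_pubkey_auth = yes

#end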