Nessus Configuration: Part Two

Nessus configurationThe Nessus GUI configuration menu contains several configurable options. For example, this is where the maximum number of checks and hosts being scanned at one time, the resource you want nessusd to use and the speed at which data should be read are all specified, as well as many other options. These settings should be reviewed and modified appropriately based on your scanning environment.

Nessus Configuration: max_hosts and max_checks

In particular, the max_hosts and max_checks values can have a great impact on your Nessus system’s ability to perform scans, as well as those systems being scanned for vulnerabilities on your network. Pay particular attention to these two settings.

Default Values for max_hosts/max_checks

Option Value
max_hosts 40
max_checks 5

Note that these settings will be overridden on a per-scan basis if you are using Tenable’s SecurityCenter or write a custom policy in the Nessus user interface. To view or modify these options for a scan template in SecurityCenter, edit a Scan Template’s “Scan Options”. in the Nessus user interface, edit the scan policy and then click on the “Options” tab.


It should be noted that the max_checks parameter has a hardcoded limit of 15. Any value over 5 will frequently lead to adverse effects as most servers cannot handle that many intrusive requests at once.

As the name implies, max_hosts is the maximum number of target systems that will be scanned at any one time. The greater the number of simultaneously scanned systems by an individual Nessus scanner, the more taxing it is on that scanner system’s RAM, processor, and network bandwidth. Take into consideration the hardware configuration of the scanner system and other applications running on it when setting the max_hosts value.

As a number of other factors that are unique to your scanning environment will also affect your Nessus scans, experimentation will provide you with the optimal setting for max_hosts.

max_checks is the number of simultaneous checks or plugins that will run against a single target host during a scan. Note that setting this number too high can potentially overwhelm the systems you are scanning sepending on which plugins you are using in the scan.

Multiply max_checks by max_hosts to find the number of concurrent checks that can potentially be running at any given time during a scan. Because max_checks and max_hosts are used in concert, setting max_checks too high can also cause resource constraints on a Nessus scanner. As with max_hosts, experimentation will provide you with the optimal setting for max_checks, but it is recommended that this always be set relatively low.

Here is a selective list of some other Nessus configuration options:

Option Description
auto_update Automatic plugin updates. If enabled and Nessus is registered, then fetch the newest plugins from plugins.nessus.org automatically. Disable if the scanner is on an isolated network not able to reach the Internet.
dumpfile Location of a dump file for debugging output if generated.
enable_listen_ipv4 Directs Nessus to listen on IPv4.
enable_listen_ipv6 Directs Nessus to listen on IPv6 if the system supports IPv6 addressing.
logfile Where the Nessus log file is stored.
optimize_test Optimize the test procedure. Changing this to “no” will cause scans to take longer and typically generate more false positives.
port_range Range of the ports the port scanners will scan. Can use keywords “defaut” or “all”, as well as a comma-delimited list of ports or ranges of ports.
xmlrpc_listen_port Port for the Nessus web server to listen to (XMLRPC protocol).

External Links:

Nessus Documentation at www.tenable.com

Be Sociable, Share!

Speak Your Mind

*

© 2013 David Zientara. All rights reserved. Privacy Policy