Nessus 5.0 Installation and Configuration Guide - Tenable Network
Nessus 5.0 Installation and Configuration Guide - Tenable Network
Nessus 5.0 Installation and Configuration Guide - Tenable Network
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
ENABLE CONNECTIONS WITH SMART CARD, OR CAC CARD<br />
Once the CAcert for the smart card, CAC, or similar device has been put in place,<br />
corresponding users must be created to match within <strong>Nessus</strong>. During this process, the users<br />
created must match the CN used on the card with which the user will use to connect.<br />
1. On the <strong>Nessus</strong> server, run the nessus-mkcert-client comm<strong>and</strong>.<br />
Linux/Unix:<br />
# /opt/nessus/sbin/nessus-mkcert-client<br />
Windows (Run as a local Administrator user):<br />
C:\> \Program Files\<strong>Tenable</strong>\<strong>Nessus</strong>\nessus-mkcert-client.exe<br />
2. Fill in the fields as prompted. The process is identical on a Linux/Unix or Windows<br />
server. The user name must match the CN supplied by the certificate on the card.<br />
Do you want to register the users in the <strong>Nessus</strong> server as soon as you<br />
create their certificates ? [n]: y<br />
---------------------------------------------------------------------------<br />
----<br />
Creation <strong>Nessus</strong> SSL client Certificate<br />
---------------------------------------------------------------------------<br />
----<br />
This script will now ask you the relevant information to create the SSL<br />
client certificates for <strong>Nessus</strong>.<br />
Client certificate life time in days [365]:<br />
Your country (two letter code) [US]:<br />
Your state or province name [NY]: MD<br />
Your location (e.g. town) [New York]: Columbia<br />
Your organization []: Content<br />
Your organizational unit []: <strong>Tenable</strong><br />
**********<br />
We are going to ask you some question for each client certificate<br />
If some question have a default answer, you can force an empty answer by<br />
entering a single dot '.'<br />
*********<br />
User #1 name (e.g. <strong>Nessus</strong> username) []: squirrel<br />
Should this user be administrator? [n]: y<br />
Country (two letter code) [US]:<br />
State or province name [MD]:<br />
Location (e.g. town) [Columbia]:<br />
Organization [Content]:<br />
Organizational unit [<strong>Tenable</strong>]:<br />
e-mail []:<br />
User rules<br />
----------<br />
nessusd has a rules system which allows you to restrict the hosts that<br />
firstuser has the right to test. For instance, you may want him to<br />
be able to scan his own host only.<br />
Please see the nessus-adduser(8) man page for the rules syntax<br />
Copyright © 2002-2012 <strong>Tenable</strong> <strong>Network</strong> Security, Inc.<br />
53