Home Directory Plugins Security Check Nessus Scans

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Check Nessus Scans

Rating
2 votes
Favoured:
0
Last Release Date
2015-02-20
Compatible With
  • Nagios 3.x
  • Nagios 4.x
License
GPL
Hits
8424
Files:
FileDescription
check_nessus_report.shcheck_nessus_report.sh
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
This is a check to download and parse a given Nessus scan (see http://www.tenable.com/products/nessus-vulnerability-scanner) and return the number of critical and high vulnerabilities.
The plugin currently supports setting a threshold against only critical, but I may improve this to set a threshold for high at some point.

Performance data is returned, giving critical, high, and medium vulnerabilities.

Compatibility:
Tested on Nessus 6.2.1.
Plugin tested on Ubuntu 12.04 and OSX Darwin. May work on other Linux / UNIX type platforms.

Dependancies:
Requires the jq json parsing utility.
Requires curl.

Usage:
./check_nessus_report.sh -h

Usage: ./check_nessus_report.sh -s SERVER:PORT -C CREDENTIALS_FILE -t "TARGET_SCAN" -w WARNING_THRESHOLD -c CRITICAL_THRESHOLD

CREDENTIALS_FILE should be readable by the user that runs this script, the first line should be username,
and second line should be the password.
e.g.

myNessusUsername
myPassword

Options:

(Required)
-s SERVER:PORT (e.g. nessus.mydomain.net:8834 )
-C CREDENTIALS_FILE path (e.g. /etc/.my_creds )
-t TARGET_SCAN (e.g. "My Daily Network Scan" )

(Optional)
-w WARNING_THRESHOLD (number of critical vulnerabilities, integer, defaults to 999)
-c CRITICAL_THRESHOLD (number of critical vulnerabilities, integer, defaults to 999)
-h Display help / usage


Example:
./check_nessus_report.sh -s nessus.mydomain.net:8834 -C /etc/.my-credentials -t "My Daily Network Scan" -w 5 -c 10
Reviews (1)
I modified the end of this to give critical to any critical issues. Then if nothing critical, it checks for any high alerts which outputs as a warning.
###########
if [[ $CRIT_VULNS -gt $CRITICAL_THRESHOLD ]]; then
echo "CRITICAL - There are $CRIT_VULNS critical and $HIGH_VULNS high vulnerabilities in $TARGET_SCAN. | $PERF_DATA"
exit 2
elif [[ $HIGH_VULNS -gt $WARNING_THRESHOLD ]]; then
echo "WARNING - There are $CRIT_VULNS critical and $HIGH_VULNS high vulnerabilities in $TARGET_SCAN. | $PERF_DATA"
exit 1
else
echo "OK - There are $CRIT_VULNS critical and $HIGH_VULNS high vulnerabilities in $TARGET_SCAN. | $PERF_DATA"
exit 0
fi

echo "UNKNOWN - Check script output"
exit 3