http://www.nessus.org/ Configuration Auditing Updates for Nessus http://www.nessus.org/images/RssLogo.jpg http://www.nessus.org/
The first is titled 'AIX Best Practices' and is based loosely on the Center for Internet Security CIS_AIX_Benchmark_v1.0.1 best practices guide. This guide referenced an older version of AIX. The new AIX audit policy from Tenable is applicable for modern AIX deployments and performs comparable CIS style audits.

The second AIX policy is for PCI configuration auditing. It is aptly named 'PCI AIX'. Although Tenable recommends Center for Internet Security policies for more comprehensive auditing, the PCI audit polices focus on the minimal settings required for PCI.

Both of these AIX audit policies are available on the Tenable Support Portal by logging in, clicking on Downloads, then by clicking on Download Configuration Audit Polices.

Each of these new audit policies also makes use of some new APIs available for the UNIX compliance checks. If you are testing or trying these plugins, but sure to update your plugins prior to running these. The new APIs include support for the "info" keyword which allows more information to be generated in the Nessus report about the specific item being audited.

More info]]> http://www.tenablesecurity.com/news/rssview.php?id=153 2008-07-04T12:44:00-04:00
The certified audit policy is now available on the Support Portal. To obtain the policy, click on 'Downloads', then click on 'Download CIS Compliance Audit Files' and then look for the 'Solaris 10 v4.0' audit policy.

To use this policy with Nessus, save the audit file to the system running the Nessus Client and create a scan policy that makes use of this new audit for Solaris 10.

To use this policy with Security Center 3.4, as an administrator, upload the new audit policy and then create one or more vulnerabilities policies which make use of the Solaris 10 audit.
More info]]> http://www.tenablesecurity.com/news/rssview.php?id=148 2008-07-04T14:44:00-04:00
To obtain the tool, log into the Customer Portal at the below link, choose 'Downloads', then choose 'Download Compliance Checks Tools' and then WNPC-1.0.5.exe download.

The WNPC allows Windows users and administrators to create a Nessus .audit file from the current running settings of a Windows system.


More info]]> http://www.tenablesecurity.com/news/rssview.php?id=147 2008-07-04T13:44:00-04:00
The updated tool is available on the Tenable Customer Portal by clicking on the "Download" button and then the "Download Compliance Checks Tools" button.
More info]]> http://www.tenablesecurity.com/news/rssview.php?id=136 2008-07-04T22:44:00-04:00
Security Center customers that wish to perform FDCC certified audits and reporting to NIST, can email support@tenablesecuritiy.com to request a copy of the new xTool. The xTool allows conversion of XCCDF SCAP content to Nessus .audit policies which can be loaded into the Security Center. Results from the Security Center audit can also also be then loaded back into the xTool to produce an FDCC XML report for submission to NIST.

The Tenable blog entry below provides more detail on how this process works. An extensive document which has step-by-step guides to performing FDCC auditing with the Security Center is also available.

More info]]> http://www.tenablesecurity.com/news/rssview.php?id=135 2008-07-04T21:44:00-04:00 Customer Support Portal.

Version 1.0.4 now supports version 2 of the Windows compliance checks.

To obtain the updated tool, log into the support portal, click on the 'Downloads' button and then the 'Download Compliance Check Tools' button.

The link below points to an original Tenable Blog entry about Windows Nessus Policy Creator usage.
More info]]> http://www.tenablesecurity.com/news/rssview.php?id=125 2008-07-04T12:44:00-05:00 Center for Internet Security benchmarks:

• Windows 2000 Server Level 2 Benchmark v2.2.1


• Windows 2000 Level 1 Benchmark v1.2.2

These policies are available to Direct Feed and Security Center customers by logging into the Tenable Support Portal, clicking on the 'Downloads' button, and then the 'Download CIS Compliance and Audit Files'.

More info]]> http://www.tenablesecurity.com/news/rssview.php?id=124 2008-07-04T21:44:00-05:00 Center for Internet Security (CIS) released the Windows 2003 v2.0 benchmark which replaced the previous v1.2 benchmark.

Tenable has received CIS certification to perform audits of Windows 2003 servers against the v2.0 benchmark with the Security Center and Nessus.

The updated Windows 2003 audit polices are now available at the Customer Support Portal. Once logged in, select the 'Downloads' button, then the 'Download CIS Compliance and Audit Files'.

These policies should be used in any future Nessus Direct Feed scans or should be added to the Security Center and made part of existing or new vulnerability scan policies.


More info]]> http://www.tenablesecurity.com/news/rssview.php?id=123 2008-07-04T20:44:00-05:00
Along with this upgrade, all UNIX based CIS audit polices have been modified to account for this new functionality. If you are currently using any of the following polices, please log into the Customer Support Portal and upgrade to the most recent policy:

• CIS_Redhat_ES4_105.audit


• CIS_SuSE_9_v1.audit


• CIS_Solaris_9_v13.audit

These updated policies should be downloaded and used in your Nessus Direct Feed scans or saved to your Security Center in the /opt/sc3/admin/nasl directory.
More info]]> http://www.tenablesecurity.com/news/rssview.php?id=122 2008-07-04T20:44:00-05:00
If you are a user of the i2a tool, you should upgrade.

The tool is available for download from the Tenable Support Portal by choosing 'Downloads', then 'Download Compliance Check Tools' and then you will see the i2a download link alongside the WNPC and c2a tools.
More info]]> http://www.tenablesecurity.com/news/rssview.php?id=119 2008-07-04T15:44:00-05:00