Re: Resuming Scans

On Wed, Jan 10, 2007 at 09:24:06PM -0800, Larry Petty wrote:

> I'm trying to figure out exactly how the knowledge base works. Below are my
> current settings. If I launch a scan and then kill it half way through, I
> can re-launch the scan and it skips over the addresses already scanned
> picking up where the scan was stopped. I can then look at the output file
> and have a complete report.

That sounds more or less right. The only quibble I have involves "a 
complete report". I'd expect the report would only contain information 
obtained from when you resumed the scan, not anything that was obtain 
before the scan was terminated half-way through. You should be able to 
verify this with the help of nessusd.messages.

> If I launch another scan on the same hosts before the kb_max_age expires,
> the scan doest not run. I end up having a blank output file. 

That's because you're using the KB and you have the four kb_dont_replay* 
settings enabled. [Actually, you might still get a report if you add 
*new* plugins to the server and those generate a report.]

> Is there any documentation that
> explains how this works?

There's a full chapter about the Knowledge Base in "Nessus Network 
Auditing". Or you could refer to edgeos Security's Nessus Knowledge 
Base, <http://www.edgeos.com/nessuskb/> (and ignore the link to 
<http://www.nessus.org/doc/kb_saving.html>, which is no longer accurate).

George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus