One of my co-workers asked me about i2a, a utility put out by Tenable that converts .inf files to .audit files for use with Nessus. (By the way, as I understand it, i2a only works with the professional version. Audit files work with both the professional and free versions.) If you look in the Windows 7 STIG, the templates folder contains .inf files.
I copied the .inf file to the directory containing i2a. My command to create an .audit file was:
i2a-2.0.4 U_FSO_Win7_Analyze_only_V1R4.inf Win7.audit
This ran, and there were a few errors in the log file. I believe that Nessus cannot perform some of the checks in the .inf file, so those are flagged.
Next, I opened up Nessus. Then, I created a new Policy: Click on Policy, Add.
I gave my scan a name, Win7, checked my options, added my credentials, checked my plugins, then clicked on preferences. Under preferences, I picked the Windows Compliance checks. Then, I browsed for my Win7.audit file and added it as Policy File #1.
After this, it was as simple as setting up a new scan and using the policy I just created. I'm going to start looking at the results to see how good a job Nessus does, and what still needs to be looked at manually.
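To reconcile the i2a log errors and the manual-review list against what the template actually asks for, it helps to enumerate the settings in the .inf file first. The following is an added example, not Tenable's or DISA's code; it assumes the standard Windows security-template layout ([System Access], [Registry Values] as path=typecode,data, [Privilege Rights]) and runs on a constructed sample rather than a real STIG template.

```python
"""Enumerate the settings in a Windows security template (.inf) so they can be
checked off against the converted .audit file and the i2a error log.
Added example; not Tenable's or DISA's code."""
import configparser
from io import StringIO

# Registry value type codes used in the [Registry Values] section (assumed standard codes).
REG_TYPES = {"1": "REG_SZ", "3": "REG_BINARY", "4": "REG_DWORD", "7": "REG_MULTI_SZ"}

# Constructed sample in security-template format; NOT an actual STIG template.
SAMPLE_INF = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 14
LockoutBadCount = 3
[Registry Values]
MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\RestrictAnonymous=4,1
MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeText=7,"Sample notice"
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

# Sections that carry the checks a Windows compliance scan would evaluate.
CHECK_SECTIONS = ("System Access", "Registry Values", "Privilege Rights")


def parse_template(text):
    """Return {section: {name: value}} for the check-bearing sections of the template."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep registry paths and privilege names case-sensitive
    cp.read_file(StringIO(text))
    return {s: dict(cp[s]) for s in CHECK_SECTIONS if cp.has_section(s)}


def registry_checks(settings):
    """Expand 'path=typecode,data' lines into (path, REG type name, data) tuples."""
    out = []
    for path, raw in settings.get("Registry Values", {}).items():
        code, _, data = raw.partition(",")
        out.append((path, REG_TYPES.get(code, "UNKNOWN_" + code), data.strip('"')))
    return out


def summarize(settings):
    """Count settings per section; compare these totals with the .audit file's items."""
    return {section: len(items) for section, items in settings.items()}


if __name__ == "__main__":
    parsed = parse_template(SAMPLE_INF)
    print(summarize(parsed))
    for path, reg_type, data in registry_checks(parsed):
        print(reg_type, path, "=", data)
```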
I have tried to run the DISA STIG audits using the XCCDF wizard with no luck. Have you had a valid STIG scan run using Retina yet? Also, we are looking at evaluating Nessus as an additional assessment tool.
Sean W
I know what you're saying; sometimes it gives us the hardest life at work. Back in the days when we switched to Vista everything was such a mess with Nessus.
I don't think we have the Windows compliance option in Nessus 5 HomeFeed. So how does one add a .audit file in Nessus 5 HF?