Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. users
FDCC results
richardpuerto at gmail
Feb 23, 2009, 8:56 AM
Post #1 of 2 (6453 views)
Permalink
I have run the Windows XP Desktop v.2 audit files on my workstations and
have found that many of them are failing because the configuration does not
exactly match the configuration in the Nessus audit compliance file.

Are the audit compliance files not scripted to be inclusive, meaning that a
configuration on the target host can be stricter than what FDCC requires,
with out it showing up as a failure in the compliance scan?

Richard
Re: FDCC results [ In reply to ]
rgula at tenablesecurity
Feb 23, 2009, 10:48 AM
Post #2 of 2 (5990 views)
Permalink
Richard Puerto wrote:
> I have run the Windows XP Desktop v.2 audit files on my workstations and
> have found that many of them are failing because the configuration does not
> exactly match the configuration in the Nessus audit compliance file.
>
> Are the audit compliance files not scripted to be inclusive, meaning that a
> configuration on the target host can be stricter than what FDCC requires,
> with out it showing up as a failure in the compliance scan?
>
> Richard

hi Richard,

This would be a great discussion for the new discussions group.

https://discussions.nessus.org/

Please post it there.

The short of it is, if the underlying XCCDF file states a value, then
we test for that value. If the XCCDF policy said > value or a range
or whatever, we've reflected that in the .audit file.

Ron Gula
Tenable Network Security






_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal