elliot-bia / nessus

nessus crack for docker
GNU General Public License v3.0

this version can perform the CIS compliance scan? #47

Open wongcc2012 opened 1 year ago

wongcc2012 commented 1 year ago

Just a question: can this version perform the CIS compliance scan?

dhruvvyas25 commented 1 year ago

No, you can't perform the CIS compliance scan because it does not have compliance plugins installed.

elliot-bia commented 1 year ago

I had no working experience with CIS compliance scans. Does that mean Center for Internet Security? More information will be helpful to solve this, thanks.

dhruvvyas25 commented 1 year ago

Yes, the Center for Internet Security (CIS) developed a series of best practice benchmarks for a variety of applications, operating systems, servers, and databases used within organizations today.

elliot-bia commented 1 year ago

Are there any photos that can show more details? For example: image

dhruvvyas25 commented 1 year ago

Yes, that's the CIS scan, but the Compliance tab is missing in the UI, and that's because the Nessus doesn't have compliance plugins in /opt/nessus/lib/nessus/plugins/compliance_check.

wongcc2012 commented 1 year ago

Yes, you are correct, there is compliance auditing in the official version.

dhruvvyas25 commented 1 year ago

Can you add the compliance plugins to the cracked Nessus?

wongcc2012 commented 1 year ago

Agree, please add the compliance!

elliot-bia commented 11 months ago

> Yes, that's the CIS scan, but in that Compliance Tab missing in the UI and that's because the nessus doesn't have compliance plugins in /opt/nessus/lib/nessus/plugins/compliance_check.

Sorry, I still don't get it. Does this help? image

elliot-bia commented 11 months ago

Ah, maybe I get what you are saying. Unfortunately, this Nessus version is based on Nessus-10.x, and I think your Nessus version is based on something else. I'm not sure the method I used would also work the same way.

wongcc2012 commented 11 months ago

This is NOT the complete CIS scan. Can you get the Nessus EXPERT trial and see what's inside?

elliot-bia commented 11 months ago

My daily job doesn't involve this... Nessus-10.x is what I need 🤣 I can try from the Nessus website, but I can't guarantee it will work.

wongcc2012 commented 11 months ago

I am also using the Nessus 10.x EXPERT trial; it has the compliance tab in scanning. Then I can choose different compliance / audit to check the target systems.

My case: mostly using the CIS compliance for MS Windows systems.

jerrycheny commented 10 months ago

Can CIS check be added to this version?