Listing 1: Sample configuration file included with the nmap-audit
distribution
##############################################################
######### nmap-audit config options
######
## Global settings for the nmap-audit script: scan targets, report
## mailing, concurrency, report detail, the nmap command line and
## the output directory.
## IPS scanning definitions ##
## Target range, written here in CIDR notation.
ips = 192.168.1.0/24
## report mailing info ##
## The mailed report lists hosts and their open ports, so treat the
## recipient mailbox and the mail path as sensitive.
email-to = root@example.com
email-subject = Host Vulnerability Scanning Results
email-from = nmap-audit@example.com
## The maximum number of nmap threads to be run
## simultaneously. Please begin this with a small
## number and slowly increase it to keep your machine
## from getting overwhelmed from too many processes
## NOTE(review): the sample ships with 20; lower it for a first run,
## as the advice above suggests.
max-threads = 20
## The level of detail to report. Either low, medium, or high ##
detail = low
## nmap command to be run. Note that appended to this
## is the option to direct the output to a human readable
## file. Therefore, using the '-oN filename' option will
## not work in conjunction with the nmap-audit script ##
## -sS (SYN scan) and -O (OS detection) need raw-socket privileges,
## so nmap has to be started with root rights for this command.
## -p 1-1024 limits the audit to ports 1-1024; a service listening
## on a higher port is never scanned and so never reported.
## NOTE(review): the trailing '# ...' text on the nmap lines is
## presumably stripped by the script before the output option is
## appended -- confirm against the parser.
#nmap = nmap -sS -sU -v -O -T Polite -p 1-1024 # TCP and UDP scan
nmap = nmap -sS -v -O -T Polite -p 1-1024 # TCP scan
## base directory name where all scanning data will be
## stored. To this name the date of the scan and a
## sequence number will be appended to prevent multiple
## scans on the same day from overwriting data. Use the
## complete path if executing via cron.
## The stored results describe every service found on the scanned
## range; keep this directory readable only by the auditing account.
dir-name = example
##############################################################
##############################################################
######### ignore options
######
##
## Group of all Microsoft operating
## systems
## NOTE(review): 'os' is presumably compared with the OS name that
## nmap's -O detection reports -- confirm how the script matches it.
## The fields of an ignore rule appear to be: state, port, service
## name, protocol. A port matching a rule is presumably left out of
## the report for hosts in this group.
## These rules hide the RPC and NetBIOS/SMB ports on every host
## identified as Windows, including a host that OS detection
## misidentifies. Keep them only for ranges where Windows file
## sharing is expected; drop them for DMZ or Internet-facing ranges
## so that an exposed 135/139/445 is still reported.
## The udp rules only matter when the -sU variant of the nmap
## command is enabled.
##
group windows
os = Windows
## RPC/DNS Administration ##
ignore = open 135 loc-srv tcp
ignore = open 135 loc-srv udp
## NetBIOS name, datagram and session services ##
ignore = open 137 netbios-ns udp # wins
ignore = open 138 netbios-dgm udp # netbios datagrams
ignore = open 139 netbios-ssn tcp # netbios session service
## Direct hosting of SMB over TCP/IP ##
ignore = open 445 microsoft-ds udp
ignore = open 445 microsoft-ds tcp
end group windows
##
## Group that contains all unix hosts
## NOTE(review): the os values look like nmap OS-detection names.
## A host reported under any other name (for example a kernel
## outside 2.4.0 - 2.5.20) would presumably fall outside this group,
## and its open SSH port would then appear in the report -- confirm
## whether matching is exact or by substring.
## NOTE(review): one os value below contains '=' itself; presumably
## the script splits each line on the first '=' only -- confirm.
## The ignore rule only suppresses the "port 22 open" finding; it
## says nothing about the SSH server's version or configuration.
##
group unix
os = Linux Kernel 2.4.0 - 2.5.20
os = Solaris 2.6 - 2.7 with tcp_strong_iss=2
os = Solaris 2.6 - 7 (SPARC)
os = Solaris 8 early access beta through actual release
os = Solaris 9 Beta through Release on SPARC
ignore = open 22 ssh tcp # SSH
end group unix
##
## group that matches all hosts.
## place most general rules here
## 'hostname = *' selects every scanned host. The two rules below
## drop ports in the filtered and closed states, with '*' presumably
## standing for any port, service and protocol, so the report is
## left with open ports that no other group ignores.
## Keep rules here narrow: anything ignored in this group is hidden
## for the whole scanned range.
##
group all
hostname = *
ignore = filtered * * *
ignore = closed * * *
end group all
|