
Blueprint-nessus-scans

ABOUT NESSUS

==

Nessus will scan target hosts for vulnerabilities. It has a client-server architecture, with the command-line tool connecting to the server to request scans and fetch results.

Learn More:

OBJECTIVE

==

We want to have scanning on demand for nebula hosts and instances. A host is the operating system that runs on the physical hardware and manages the virtualized instances. Instances are the virtualized resources that are created by end-users.

It is imperative that we keep our infrastructure secure.

TASK

==

The Nessus client and server communicate over XMLRPC. The protocol doesn't seem to have any documentation, but there are client libraries in Ruby and Perl. We want to be able to send scan requests to nessusd and retrieve results from it.

Most components in the Nova stack listen on a RabbitMQ message bus to receive commands. In an ideal setup, we would create an endpoint that listens on a security message bus and accepts commands for scanning and retrieving results.

REFERENCES

==

nessus-xmlrpc (Ruby): http://nessus-xmlrpc.rubyforge.org/

Net::Nessus::XMLRPC (Perl): http://search.cpan.org/~kost/Net-Nessus-XMLRPC-0.30/lib/Net/Nessus/XMLRPC.pm