Nessus Rules Informations

1. What are the "Nessus rules"
	
	We call 'Nessus rules' a set of commands which say to
	the server (nessusd) which computers it can/can't test.
	
2. Where are they located ?

	The Nessus rules are located in two files :
	- nessusd.rules
	- nessusd.users
	
	The rules in nessusd.rules are global, (that is : effective for
	each user), whereas the rules in nessusd.users are for users
	only.
        
        In addition to that, the client can upload its rules to the
        server.
       
3. Rules syntax

Basically, a rule consists in
LETTER:PATTERN

where  LETTER  can  be  either n,y and N. n means that you
DON'T want to scan the hosts  that  fit  with  pattern,  y
means that you DO want to scan the hosts that fit with the
pattern and N means that you ABSOLUTELY  DO  NOT  want  to
scan  the hosts that fits the pattern. The pattern will be
a text string, with the * and ? wildcards admitted. So the
set of rules :
n:*
y:*.foo.org
N:ppp*.foo.org
will mean : 'do not test any computer except those in the
foo.org domain, and even though, don't test the hosts that
start with 'ppp' in this domain'.  Easy, isn't it?


	
	
