<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16608" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2>
<DIV><FONT face=Arial size=2><SPAN class=252290001-22072008><STRONG>My
question</STRONG>: will this continue to be the behavior in the
future?</SPAN></FONT></DIV></FONT></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] <B>On Behalf Of </B>John
Scherff<BR><B>Sent:</B> Monday, July 21, 2008 6:12 PM<BR><B>To:</B>
nessus@list.nessus.org<BR><B>Subject:</B> DOT-NESSUS FILE<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=252290001-22072008><FONT face=Arial size=2><STRONG>Tenable
Team</STRONG>,</FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=252290001-22072008><FONT face=Arial size=2>I was pleasantly
surprised to find out that <FONT color=#ff0000>extraneous XML is not stripped
out of the dot-nessus file by the scanner</FONT>. I plan to create a new
node called <Directives> (a sibling to <Policies>) and beneath
that will be configuration items of my own which will be consumed by post-scan
handlers (e.g., scripts that convert and email the scan results). For
example:</FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" size=2><?xml
version="1.0"?><BR><NessusClientData><BR><FONT color=#0000ff>
<Directives></FONT></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> <Directive></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2>
<name>outputFormats</name></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> <value>html;nbe</value></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> </Directive></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> <Directive></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2>
<name>emailRecipients</name></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> <value>jscherff@24hourfit.com,deraison@nessus.org</value></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> </Directive></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> <Directive></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2>
<name>attachResults</name></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2>
<value>no</value></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> </Directive></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> <Directive></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2>
<name>stripInfos</name></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2>
<value>yes</value></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> </Directive></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" color=#0000ff
size=2> </Directives></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New" size=2>
<Targets></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New"
size=2> ...<BR> </Targets><BR>
<Policies><BR> <Policy
passwordsType="Linux"><BR>
<policyName/><BR>
<policyComments/></FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New"
size=2> ...</FONT></SPAN></DIV>
<DIV><SPAN class=252290001-22072008><FONT face="Courier New"
size=2></NessusClientData></FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=252290001-22072008><STRONG>My
question</STRONG>: Is it by accident or design that unused XML is ignored and
left untouched by the nessus, and will this continue to be the behavior in the
future?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=252290001-22072008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=252290001-22072008>Thanks,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2><STRONG>John
Scherff</STRONG></FONT></DIV>
<DIV align=left><FONT face=Arial size=2><STRONG>Information Security and Storage
Manager</STRONG></FONT></DIV>
<DIV align=left><FONT face=Arial size=2>24 Hour Fitness</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>o: 760-918-4485</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>c: 760-351-6946</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>e: <A
href="mailto:jscherff@24hourfit.com">jscherff@24hourfit.com</A></FONT></DIV>
<DIV align=left><FONT face=Arial size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2><EM>The code of competence is the only
system of morality that's on a gold standard.</EM> -Ayn Rand</FONT></DIV>
<DIV> </DIV></BODY></HTML>