Selecting a compliance scan policy
An entire compliance scan or audit is different from a typical vulnerability scan; it is completely dependent on the plugins and the Nessus audit file. We have already covered the basics on how to download and update the plugins in Chapter 2, Understanding Network Scanning Tools. We will now uncover further details about plugins and the Nessus audit file. In this recipe, we will look how to select the correct baseline policy from the set of policies that come preloaded in Nessus, in order to perform a configuration audit for a Linux host.
Plugins
Each plugin consists of syntax to check for a specific vulnerability for a version or multiple versions of the software, services, and operating systems. A group of plugins for a similar operating system/service/software are grouped as a plugin family, shown as follows:
These plugin families expand into different plugins that each perform a specific check. A user cannot manually add a plugin; they can only download...