Blog

The official blog of managed hosting provider OrcsWeb.

Configure source IP for Nessus daemon on Windows

Nessus from Tenable Network Security is an invaluable tool for vulnerability scanning. As a Windows-only shop, we were very pleased that Nessus would run on a Windows platform. For our configuration, we have a server sitting outside of our firewall with multiple public IP addresses. We configured firewall policies for the system's primary IP address to allow it necessary access into our environment and from our management subnet to the device. That means we needed a different IP address to use for scanning so it can be subject to the standard rules that apply to all external traffic.

In *nix environments, the Nessus daemon has a command line switch that forces the scanner to use a specific source IP for scans (this is different than the "listen address" which is used by remote clients to connect to the scanner - that setting can be configured in nessusd.conf). Unfortunately, the nessus-service.exe called by the Windows Service does not pass command line parameters to the nessusd process.

Not to worry, our old friend srvany comes to the rescue (note that srvany only works on Windows 2000/2003/XP). Perform the following steps:

  1. Stop the Nessus service
  2. Copy the srvany.exe executable to C:\Program Files\Tenable\Nessus
  3. Modify the ImageName value under HKLM\SYSTEM\CurrentControlSet\Services\Tenable Nessus to C:\Program Files\Tenable\Nessus\srvany.exe
  4. Add a Parameters key under HKLM\SYSTEM\CurrentControlSet\Services\Tenable Nessus
  5. Add a REG_SZ value named Application with the following value (replace <ip_address> with the IP you want the scanner to use for scans):
    C:\Program Files\Tenable\Nessus\nessusd.exe -S <ip_address>
  6. Start the Nessus service.
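
The six steps above as a PowerShell script, added here as an example (it is not OrcsWeb's or Tenable's code). It assumes PowerShell is installed on the server, that the service's executable path is held in the standard ImagePath value of the service key, and that srvany.exe sits at the hypothetical path in $SrvAnySource; the local-IP check and the backup file are additions to the procedure.

```powershell
# Added example: applies steps 1-6 above. Assumptions are marked in comments.
param(
    [Parameter(Mandatory = $true)][string]$ScanIp,     # source IP the scanner should use
    [string]$SrvAnySource = 'C:\Tools\srvany.exe'      # hypothetical location of your srvany.exe copy
)

$svcName   = 'Tenable Nessus'                          # service key name as given in the steps
$nessusDir = 'C:\Program Files\Tenable\Nessus'
$svcKey    = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
$pathValue = 'ImagePath'   # assumption: the standard value holding the service executable path

# Refuse to continue unless the address parses and is bound to a local interface.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($ScanIp, [ref]$parsed)) {
    throw "'$ScanIp' is not a valid IP address."
}
$localIps = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.IPAddress }
if ($localIps -notcontains $ScanIp) {
    throw "$ScanIp is not assigned to any interface on this server."
}

Stop-Service -Name $svcName                                    # step 1
Copy-Item -Path $SrvAnySource -Destination $nessusDir -Force   # step 2

# Record the original executable path so the change can be rolled back.
$original = (Get-ItemProperty -Path $svcKey -Name $pathValue).$pathValue
Set-Content -Path (Join-Path $nessusDir 'service-path.bak.txt') -Value $original
Set-ItemProperty -Path $svcKey -Name $pathValue -Value (Join-Path $nessusDir 'srvany.exe')  # step 3

$paramKey = Join-Path $svcKey 'Parameters'                     # step 4
if (-not (Test-Path $paramKey)) { New-Item -Path $paramKey | Out-Null }

$app = (Join-Path $nessusDir 'nessusd.exe') + " -S $ScanIp"    # step 5
New-ItemProperty -Path $paramKey -Name 'Application' -PropertyType String -Value $app -Force | Out-Null

Start-Service -Name $svcName                                   # step 6

# Show the command line srvany will launch, for confirmation.
Get-ItemProperty -Path $paramKey -Name 'Application' | Select-Object Application
```

To roll back, stop the service and write the path saved in service-path.bak.txt back to the same value.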

Happy scanning!

Importing the IIS PowerShell module in Windows Server 2008 R2

I encountered an odd error playing with PowerShell 2.0 in Windows Server 2008 R2. I couldn’t import the IIS module (WebAdministration) in PowerShell using the normal command.

    import-module -name WebAdministration

The strange part is that it works on some servers, but not on others. Very odd. After tinkering with the help and command for a while I found an alternate command which appears to work on all servers.

    get-module -list webadministration | import-module

Just thought I’d share.

#James Kehr
Get-Member $OW | ?{$_.title -eq "System Administrator" -and $_.certification -match "MCITP 2008, MCSE 2000, MCDST, Network+, A+"}

New-Variable -name company -value 'ORCS Web, Inc.' -description 'www.orcsweb.com | 1.888.313.9421'