User Management¶
-
class
nessus.
Users
(uri, api)¶ -
add
(login, password, admin=False)¶ Creates a new user in the Nessus user’s database.
This effectively creates the user and its home directory on disk. The login must match the regex
^[a-zA-Z0-9.@-]+$
. Only an administrator can create another user.Parameters: - login – name of the user to create
- password – password for this user
- admin – set to 1 if the new user will be declared as an administrator
Permissions:
- authenticated: Yes
- administrator: Yes
Example:
>>> from nessus import API >>> nessus = API('https://127.0.0.1:8834', username='user', password='pass') >>> print nessus.users.list() [ { "admin": "TRUE", "name": "test", "lastlogin": 1416492416 } ] >>> nessus.users.add('test2', 'pass2') >>> print nessus.users.list() [ { "admin": "TRUE", "name": "test", "lastlogin": 1416492416 }, { "admin": "FALSE", "name": "test2" } ]
Todo
add login regexp verification
^[a-zA-Z0-9.@-]+$
-
chpasswd
(password)¶ Lets a user or administrators change their password.
Parameters: password – the user’s password to be changed Permissions:
- authenticated: Yes
- administrator: No
Example:
>>> from nessus import API >>> nessus = API('https://127.0.0.1:8834', username='user', password='pass') >>> nessus.users.chpasswd('turbotajnehaslo')
-
delete
(login)¶ Deletes an existing user.
Under the hood, this will delete the user home directory (i.e.,
/opt/nessus/var/nessus/users/<userName>/
), including this user’s policies and reports.Parameters: login – name of the user to delete Permissions:
Example:
>>> from nessus import API >>> nessus = API('https://127.0.0.1:8834', username='user', password='pass') >>> nessus.users.delete('test2')
- authenticated: Yes
- administrator: Yes
-
edit
(login, password=None, admin=None)¶ Edits the details of an existing user.
The user’s password and admin status can be modified, however the username cannot be.
Parameters: - login – name of the user to edit
- password – password of the user
- admin – True for yes, False for no
Permissions:
- authenticated: Yes
- administrator: Yes
Example:
Set new password for user test2:
>>> from nessus import API >>> nessus = API('https://127.0.0.1:8834', username='user', password='pass') >>> nessus.users.edit('test2', password='newpass')
Make user test2 admin:
>>> nessus.users.edit('test2', admin=True) >>> print nessus.users.list() [ (...), { "admin": "TRUE", "name": "test2" } ]
-
list
()¶ Lists the users on the Nessus scanner.
The result contains their administrator status and the time they last logged in.
Permissions:
- authenticated: Yes
- administrator: Yes
Example:
>>> from nessus import API >>> nessus = API('https://127.0.0.1:8834', username='user', password='pass') >>> print nessus.users.list() [ { "admin": "TRUE", "name": "test", "lastlogin": 1416492416 } ]
-