Renaud Deraison wrote: > So please, everyone who can - test the CVS release of Nessus and report > any bug/annoyance you find.
Ok, I'll byte... did Nessus 1.1.15 the honors on a Apple TiBook 667 running MacOS 10.1.3 with the very latest security patches. It identifies itself via uname as: > Darwin localhost 5.3 Darwin Kernel Version 5.3: Thu Jan 24 22:06:02 > PST 2002; root:xnu/xnu-201.19.obj~1/RELEASE_PPC Power Macintosh > powerpc Building the libraries, I get the following on configure: > checking gcc version... > ./configure: parse error: condition expected: -gt [951] I'm unable to get the configure script to pick up the OpenSSL libraries installed by Fink under /sw/lib, so the build disables SSL Compiling the libraries, I get repeated warnings, but compilation and installation finishes without any hard errors: > ./gencode.h:166: bad attribute specification, expecting identifier, > found `volatile' > ./gencode.h:166: illegal function definition, found `)' > cpp-precomp: warning: errors during smart preprocessing, retrying in > basic mode Building libnasl is a breeze. Thanks, Renaud, for fixing the lrand48 symbol problem. However, there is an error during compile: > /Documents/Incoming/nessus/tmp/libnasl/libtool: parse error: condition > expected: xno = [3183] Nessus-core builds uneventfully, except for a few ignorable warnings: > /usr/bin/ld: warning multiple definitions of symbol _locale_charset > /sw/lib/libintl.dylib(localcharset.lo) definition of _locale_charset > /sw/lib/libiconv.2.dylib(localcharset.lo) definition of > _locale_charset > /usr/bin/ld: warning multiple definitions of symbol _regcomp > regex.o definition of _regcomp in section (__TEXT,__text) > /usr/lib/libc.dylib(regcomp.o) definition of _regcomp > /usr/bin/ld: warning multiple definitions of symbol _regexec > regex.o definition of _regexec in section (__TEXT,__text) > /usr/lib/libc.dylib(regexec.o) definition of _regexec > /usr/bin/ld: warning multiple definitions of symbol _regfree > regex.o definition of _regfree in section (__TEXT,__text) > /usr/lib/libc.dylib(regfree.o) definition of _regfree > /usr/bin/ld: warning unused multiple definitions of symbol _regerror > regex.o definition of _regerror in section (__TEXT,__text) > /usr/lib/libc.dylib(regerror.o) unused definition of _regerror > /usr/bin/ld: warning unused multiple definitions of symbol _fnmatch > /usr/lib/libc.dylib(fnmatch.o) definition of _fnmatch > /sw/lib/libgtk.dylib(fnmatch.lo) unused definition of _fnmatch Building the plugins did encounter some problems. First, it appears there is a missing Makefile, and find_service.c has a problem: > gcc -bundle -undefined error -o accounts.nes accounts.o network.o > read_accounts.o -lc -L/usr/local/lib -lnessus -lhosts_gatherer > -lpcap-nessus > cp accounts.nes /Documents/Incoming/nessus/tmp/nessus-plugins/bin > make[1]: Makefile.darwin: No such file or directory > make[1]: *** No rule to make target `Makefile.darwin'. Stop. > gcc -bundle -undefined error -g -O2 -I/usr/local/include > -I/usr/local/include/nessus -c find_service.c > find_service.c: In function `plugin_run': > find_service.c:700: `test_ssl' undeclared (first use in this > function) > find_service.c:700: (Each undeclared identifier is reported only > once > find_service.c:700: for each function it appears in.) > make[1]: *** [find_service.nes] Error 1 Hydra seems to build, but no files appear: > gcc -g -O2 -I/usr/local/include -I/usr/local/include/nessus -DNESSUS_PLUGIN -c h > ydra.c -fno-common -DPIC -o .libs/hydra.lo > hydra.c:56: warning: ANSI C forbids newline in string constant > hydra.c:64: warning: ANSI C forbids newline in string constant > gcc -g -O2 -I/usr/local/include -I/usr/local/include/nessus -DNESSUS_PLUGIN -c h > ydra.c -o hydra.o >/dev/null 2>&1 > mv -f .libs/hydra.lo hydra.lo > gcc -bundle -undefined error -o hydra.nes d3des.lo hydra4nessus.lo hydra-cisco.l > o hydra-ftp.lo hydra-http.lo hydra-icq.lo hydra-imap.lo hydra-mod.lo hydra-nntp. > lo hydra-pcnfs.lo hydra-pop3.lo hydra-rexec.lo hydra-smb.lo hydra-socks5.lo hydr > a-telnet.lo hydra-vnc.lo hydra.lo -lc -L/usr/local/lib -lnessus -lhosts_gatherer > -lpcap-nessus > gcc: d3des.lo: No such file or directory > gcc: hydra4nessus.lo: No such file or directory > gcc: hydra-cisco.lo: No such file or directory > gcc: hydra-ftp.lo: No such file or directory > gcc: hydra-http.lo: No such file or directory > gcc: hydra-icq.lo: No such file or directory > gcc: hydra-imap.lo: No such file or directory > gcc: hydra-mod.lo: No such file or directory > gcc: hydra-nntp.lo: No such file or directory > gcc: hydra-pcnfs.lo: No such file or directory > gcc: hydra-pop3.lo: No such file or directory > gcc: hydra-rexec.lo: No such file or directory > gcc: hydra-smb.lo: No such file or directory > gcc: hydra-socks5.lo: No such file or directory > gcc: hydra-telnet.lo: No such file or directory > gcc: hydra-vnc.lo: No such file or directory > make[1]: *** [hydra.nes] Error 1 Plus a minor warning in whisker: > gcc -bundle -undefined error -g -O2 -I/usr/local/include > -I/usr/local/include/nessus -c whisker_wrapper.c > whisker_wrapper.c: In function `plugin_run': > whisker_wrapper.c:158: warning: assignment discards qualifiers from > pointer target type All this has the side effect of rebuilding the plugins when you do a 'make install', but they get installed anyway, with the expected: > Warning : the following plugins could not be built : > bind_bof find_service hydra Both the server and the X11 client start up and communicate ok. After running a test against a fully-patched Win2K Prof. machine, the scan finishes without apparent errors, but nessus.dump contains: > nasl:pcap.c : No free bpf > ERROR : Could not find/open the pcap for interface en0 > nasl:pcap.c : No free bpf > ERROR : Could not find/open the pcap for interface en0 However, nessus.messages doesn't contain anything that looks like an error message. Are these ignorable errors, or does it mean that Nessus didn't do a thing ? Finally, could you please put a "Close" button on the Report window ? If your window manager doesn't implement that function and leaves it up to the application, then you have to quit nessus to close it. I've kept logs of all component builds and the test run. Thanks for everything, Renaud. J. Courcoul
