Can one simply upgrade an existing 1.1.14 installation? If so, is it better to use the nessus-installer script or run the compile/make/make-install steps?
-----Original Message----- From: Renaud Deraison [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 11:57 AM To: [EMAIL PROTECTED] Subject: Nessus 1.2.0 released Nessus 1.2.0 has been released. Woowoo - it's supposed to be stable now :) Here are the changes since Nessus 1.1.14 : . changes by Nicolas Dubee ([EMAIL PROTECTED]) : - Better support for AF_UNIX sockets . changes by Brian ([EMAIL PROTECTED]) : - CVE references - several bugfixes in the plugins . changes by Peter Gr�ndl ([EMAIL PROTECTED]) and Carsten Joergensen ([EMAIL PROTECTED]) : - Extensive review of the plugins and therefore numerous fixes . changes by Axel Nennker ([EMAIL PROTECTED]) - FD leak in save_kb.c fixed . changes by Renaud Deraison (deraison at nessus.org) - It is now possible to upload files to the server when using the command line client - lrand48() portability problems worked around - fixed a bug in the report window that would make it crash randomly And here's the official announcement : The Nessus Team is pleased to announce the availability of Nessus 1.2.0 Nessus is a remote security scanner which has been developped since 1998. It is free, open-sourced (GPLed) and updated very regularly (and currently performs over 900 security checks) What is new in Nessus 1.2, in comparison of Nessus 1.0 ? -------------------------------------------------------- A lot of changes took place during the two years Nessus 1.2 has been worked on. Here's a non-exhaustive list : - Security checks are run in parallel ; - Full SSL support ; - "safe checks" option (makes nessusd rely on a banner rather than take the risk to disable the remote service) ; - "optimisations" option (make nessusd run "focused" tests (ie: IIS-specific tests on IIS, and so on...) - Better CGI auditing ; - IDS evasion options ; - KB saving support (can be used for off-line security audits) ; - Session saving support ; - Differential scans ; - New reports file formats ; - Tuned security checks (for better performance) ; - More configurable ; - Improved SMB support (Nessus can log into a domain, and extracts more information from the tested hosts). - Scales __much__ better ; - Kazillions of bugs fixed ; - And more ! Note that Nessus 1.2.x is the result of two years of work and improvements, so not everything can be listed. Have a look at the changelogs for full details (in nessus-core/CHANGES) Where to get it --------------- Nessus is available at : http://www.nessus.org/ and ftp://ftp.nessus.org/pub/nessus/nessus-1.2.0/ Portability ----------- Nessus 1.2.0 can be compiled on a wide range of Unixes, including : - Solaris - OpenBSD - FreeBSD - NetBSD - Red Hat Linux (and probably other distros) - Darwin / MacOS X - ... A Win32 client (NessusWX) is available for the Win32 platform (at http://nessuswx.nessus.org) More toys soon -------------- A web interface allowing you to mount your own ASP business will be released soon - keep an eye on our website for details about this :) Bugs ? What bugs ?? ------------------- If you find bugs or have enhancement requests, please send them to me ([EMAIL PROTECTED]) Thanks ------ I'd like to thank everyone who tested and improved Nessus when it was labelled as being unstable. I would like to thank in particular Michel Arboi ([EMAIL PROTECTED]) and Michael Scheidell ([EMAIL PROTECTED]) who both did an insanely big amount of work for Nessus 1.2 Thanks, -- Renaud
