On Thu, Mar 11, 2004 at 12:49:20PM -0500, Jian Hui Wang wrote: > When I used my old cron setting, I found nessus communicated with > nessusd but seemed waiting something... > I piped the nessus result to /root/word, and found it asked me to accept > the certification or not. But my .nessusrc file has the explicit path > for the certification file.
Actually, this isn't correct. Your config file points to the Certificate Authority's certificate; what you're asked to validate is the Nessus server's certificate. While the client can use the CA's cert to ensure that the server it connects to has, in a sense, been validated by the CA, it can not ensure that you're connecting to the server you think you are. Now this may not be a big deal when you roll your own certificates with nessus-mkcert and friends, but imagine what happens if instead you use certificates obtained from, say, Verisign. > My confusion is: I think my old cron path has already covered the system > PATH value, why it dosen't work? > old: > PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/:/nessus/nessus-auto > new: > PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X > 11R6/bin:/root/bin [Note: I'm not exactly sure what you're asking; I presume it's about why the old path setting didn't work for you.] In my previous message, I asked where nessus was installed. My guess was it's in /usr/local/bin, which isn't in the first path -- you have "/usr/local/" but not "/usr/local/bin". George -- [EMAIL PROTECTED]
pgp00000.pgp
Description: PGP signature
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
