I played a little with Nessus 2.1.3 since I am very interested in the local security checks feature.
I installed Nessus on a Linux Mandrake 10.0 machine, and used it to scan another Mandrake 10.0 system.
After a few tests, I noticed that the ssh_get_info.nasl plugin wouldn't work when netstat scanner was enabled. I investigated the matter a bit, and I found that the problem seems to lie with the shared socket secret/ssh/socket, which is not released by the netstat scanner plugin. If I disable netstat scanner, ssh_get_info.nasl is able to acquire the shared socket (but it too seems to forget to release it!).
Here's the relevant info taken from nessusd.messages:
with netstat scanner enabled:
...
[Mon Sep 20 15:40:32 2004][23672] launching netstat_portscan.nasl [23676]
[Mon Sep 20 15:40:32 2004][23672] shared_socket: Process 23676 creates a socket - Secret/SSH/socket
[Mon Sep 20 15:40:33 2004][23672] netstat_portscan.nasl (process 23676) finished its job in 0.609 seconds
[Mon Sep 20 15:40:33 2004][23672] shared_socket: Process 23676 forgot to release a shared socket!
...
[Mon Sep 20 15:41:18 2004][23672] launching ssh_get_info.nasl [24075]
[Mon Sep 20 15:41:18 2004][23672] shared_socket: Secret/SSH/socket now locked by 24075
[Mon Sep 20 15:41:18 2004][23672] Process 24075 seems to have died too early
[Mon Sep 20 15:41:18 2004][23672] ssh_get_info.nasl (process 24075) finished its job in 0.071 seconds
[Mon Sep 20 15:41:18 2004][23672] shared_socket: Process 24075 forgot to release a shared socket!
with netstat scanner disabled:
...
[Mon Sep 20 15:36:59 2004][22924] launching ssh_get_info.nasl [23326]
[Mon Sep 20 15:36:59 2004][22924] shared_socket: Process 23326 creates a socket - Secret/SSH/socket
[Mon Sep 20 15:37:05 2004][22924] ssh_get_info.nasl (process 23326) finished its job in 5.505 seconds
[Mon Sep 20 15:37:05 2004][22924] shared_socket: Process 23326 forgot to release a shared socket!
I guess the process creating the "shared" socket won't release it...
The command nessusd -d outputs:
This is Nessus 2.1.3 for Linux 2.6.3-7mdk
compiled with gcc version 3.3.2 (Mandrake Linux 10.0 3.3.2-6mdk)
Current setup :
nasl : 2.1.3
libnessus : 2.1.3
SSL support : enabled
SSL is used for client / server communication
Running as euid : 0
Include these infos in your bug reports
Otherwise, Nessus 2.1.3 seems to work much better than the previous experimental release! Good work! ;-)
Has anybody else experienced the same problem, or is it just my box playing tricks?
Hope it helps,
Davide
At 20.45 17/09/2004, Renaud Deraison wrote:
I am pleased to announce the availability of Nessus 2.1.3.
Nessus 2.1.3 has now been upgraded to the 'beta' status, if this release goes
well bug-wise, I'll probably release Nessus 2.2.0 (officially stable)
in a week or two - so please test it extensively and let me know your results.
As you probably already know, Nessus 2.1 gives to Nessus the ability to
perform local security checks against remote hosts over SSH, provided you
give it a key pair and a username to log into the remote servers.
Local security checks can be done against the following platforms:
- AIX
- Fedora
- FreeBSD
- Gentoo
- MacOS X
- Mandrake
- Red Hat Enterprise Linux
- Solaris
- SuSE Linux
- Microsoft Windows
Please read <http://www.nessus.org/doc/nessus_ssh_local.html> for more details.
On a more technical side, Nessus 2.1.x sports a complete rewrite of the
way the processes communicate between each other, thus making several
nessusd processes less CPU intensive and paving the way for more collaboration
between scripts. It also introduces the concept of "trusted nasl scripts",
a small set of scripts which can execute local commands or store KB data
in a separate location. The NASL language has also been extended with
new functions and some syntax changes that we'll probably use over time.
At this point, I consider Nessus 2.1.3 as being stable and bug-free, and
I'm releasing it to confirm my assumption. If you can test it, please
report :
- If the package compiles at all on your system
- If you can get the SSH plugins to log into remote hosts
- If you feel that nessusd is faster or slower than Nessus 2.0.x
- If you feel that nessusd is using more or less CPU than Nessus 2.0.x
Nessus 2.1.3 is available at :
http://ftp.nessus.org/nessus/src/nessus-2.1.3/
Thanks,
-- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
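An added example, not part of the original thread and not Nessus code: a small Python parser for the nessusd.messages lines quoted in the report, which records whether each plugin process created or locked a shared socket and flags plugins that died early after locking a socket another process had created. The message formats are assumed from the excerpts in this thread only, and all function names are hypothetical.

```python
import re

# Log lines copied from the "netstat scanner enabled" excerpt in the report above.
SAMPLE = """\
[Mon Sep 20 15:40:32 2004][23672] launching netstat_portscan.nasl [23676]
[Mon Sep 20 15:40:32 2004][23672] shared_socket: Process 23676 creates a socket - Secret/SSH/socket
[Mon Sep 20 15:40:33 2004][23672] netstat_portscan.nasl (process 23676) finished its job in 0.609 seconds
[Mon Sep 20 15:40:33 2004][23672] shared_socket: Process 23676 forgot to release a shared socket!
...
[Mon Sep 20 15:41:18 2004][23672] launching ssh_get_info.nasl [24075]
[Mon Sep 20 15:41:18 2004][23672] shared_socket: Secret/SSH/socket now locked by 24075
[Mon Sep 20 15:41:18 2004][23672] Process 24075 seems to have died too early
[Mon Sep 20 15:41:18 2004][23672] shared_socket: Process 24075 forgot to release a shared socket!
"""

# Message formats assumed from the excerpts in the thread, not from Nessus source.
PREFIX = re.compile(r"^\[[^\]]+\]\[\d+\] (.*)$")   # [timestamp][nessusd pid] message
LAUNCH = re.compile(r"launching (\S+) \[(\d+)\]")
CREATE = re.compile(r"shared_socket: Process (\d+) creates a socket - (\S+)")
LOCK = re.compile(r"shared_socket: (\S+) now locked by (\d+)")
LEAK = re.compile(r"shared_socket: Process (\d+) forgot to release")
DIED = re.compile(r"Process (\d+) seems to have died too early")

def summarize(log_text):
    """Return {plugin pid: record} describing shared-socket use per plugin process."""
    procs = {}
    def rec(pid):
        return procs.setdefault(pid, dict(plugin=None, socket=None, access=None,
                                          leaked=False, died_early=False))
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # skips "..." elisions and anything that is not a log line
        msg = m.group(1)
        if g := LAUNCH.match(msg):
            rec(g[2])["plugin"] = g[1]
        elif g := CREATE.match(msg):
            rec(g[1]).update(socket=g[2], access="created")
        elif g := LOCK.match(msg):
            rec(g[2]).update(socket=g[1], access="locked")
        elif g := LEAK.match(msg):
            rec(g[1])["leaked"] = True
        elif g := DIED.match(msg):
            rec(g[1])["died_early"] = True
    return procs

def failed_on_inherited_socket(procs):
    """Plugins that locked a socket created by another process, then died early."""
    return sorted(r["plugin"] or f"pid {pid}" for pid, r in procs.items()
                  if r["access"] == "locked" and r["died_early"])

if __name__ == "__main__":
    print(failed_on_inherited_socket(summarize(SAMPLE)))
```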
