hi george,
here's what the process table looks like when nessus appears to hang:
vishnu> ps -ef | grep nessus
root 24885 1 0 00:35 ? 00:00:00 nessusd: waiting for
incoming connections
root 31753 24885 2 10:26 ? 00:00:02 nessusd: serving
140.107.74.124
root 31801 31753 0 10:31 ? 00:00:00 nessusd: testing
hitchcock.fhcrc.org
root 31805 31801 0 10:31 ? 00:00:00 nessusd: testing
hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/nmap.nasl)
vishnu>
yes, log_whole_attack is set to 'yes' in nessud.conf ...
vishnu:/opt/vdops/etc/nessus # grep log_whole_attack nessusd.conf
log_whole_attack = yes
vishnu:/opt/vdops/etc/nessus #
however, vishnu:/opt/vdops/var/nessus/logs/nessusd.dump and
nessusd.messages are empty ...
i've redirected logging to syslog:
vishnu:/opt/vdops/etc/nessus # grep logfile nessusd.conf
logfile = syslog
vishnu:/opt/vdops/etc/nessus #
and my original post contained everything related to 'nessus' in syslog
... not much to see ...
so you run on a linux 2.6 kernel, and so does kristopher karas ... that
suggests that this issue is peculiar to my installation, not to 2.6 in
general.
i just tried doing a scan with NessusWX ... after letting it 'hang' for
~10 minutes, i stopped it, and the client survived the experience ...
though the related processes in the process table didn't die ... i'm going
to stop/start nessusd to do that ...
vishnu> ps -ef | grep nessus
root 24885 1 0 00:35 ? 00:00:00 nessusd: waiting for
incoming connections
root 31753 24885 0 10:26 ? 00:00:02 nessusd: serving
140.107.74.124
root 31801 31753 0 10:31 ? 00:00:00 nessusd: testing
hitchcock.fhcrc.org
root 31805 31801 0 10:31 ? 00:00:00 nessusd: testing
hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/nmap.nasl)
skendric 31887 30392 0 10:47 pts/7 00:00:00 grep nessus
vishnu>
here is the report:
NESSUS SECURITY SCAN REPORT
Created 13.10.2004 Sorted by host names
Session Name : Hitchcock
Start Time : 13.10.2004 10:28:06
Finish Time : 00.00.0000 00:00:00
Elapsed Time : 5103 day(s) 65517:65517:65533
Plugins used in this scan:
Id Name
----------------------------------------------------------------------------
Preferences settings for this scan:
max_hosts = 16
max_checks = 10
log_whole_attack = yes
cgi_path = /cgi-bin
port_range = 1-65535
optimize_test = yes
language = english
checks_read_timeout = 5
non_simult_ports = 139, 445
plugins_timeout = 320
safe_checks = no
auto_enable_dependencies = yes
use_mac_addr = no
save_knowledge_base = no
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
plugin_upload = no
plugin_upload_suffixes = .nasl, .inc
slice_network_addresses = no
ntp_save_sessions = yes
ntp_detached_sessions = yes
server_info_nessusd_version = 2.1.3
server_info_libnasl_version = 2.1.3
server_info_libnessus_version = 2.1.3
server_info_thread_manager = fork
server_info_os = Linux
server_info_os_version = 2.6.5-7.108-default
reverse_lookup = no
ntp_keep_communication_alive = yes
ntp_opt_show_end = yes
save_session = no
detached_scan = no
continuous_scan = no
Total security holes found : 0
high severity : 0
low severity : 0
informational : 0
Scanned hosts:
Name High Low Info
------------------------------------------------
hitchcock.fhcrc.org 0 0 0
--sk
stuart kendrick
fhcrc
From: George Theall <[EMAIL PROTECTED]>
Subject: Re: linux 2.6 / hangs
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
>I am, albeit compiling everything from source on a Red Hat 9 platform.
>Is log_whole_attack is set to "yes" in nessusd.conf? If not, would you
>mind making the change, restarting nessusd, launching an attack again,
>and posting the results?
>Also, when nessusd appears to hang, what nessus / nmap related processes
>are active on the server?
>George
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
