hi folks,
i'm still wrestling with nessusd 2.1.3 under suse 9.1 ... i just upgraded
to nmap-3.75, and some of the symptoms have changed:
-how do i put nessusd into debug mode? i see the following line in syslog
when i start nessusd ...
Oct 18 15:29:57 vishnu nessusd: Redirecting debugging output to /opt/vdops/var/nessus/logs/nessusd.dump
but there isn't much in this file ... is there a command-line switch for
telling nessusd to dump debug info?
-using nmap-3.75, as compared to nmap-3.70, i see way more nessusd
processes in the process table ... this doesn't make sense to me ... but
i'm hoping that this tidbit will spark someone's memory.
root 30568 1 0 15:30 ? 00:00:00 nessusd: waiting for incoming connections
root 30571 30568 12 15:30 ? 00:00:04 nessusd: serving 140.107.74.124
root 30592 30571 1 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org
root 30610 30592 0 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/snmp_default_communities.nasl)
root 30612 30592 0 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/ntp_open.nasl)
root 30620 30592 3 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/dcetest.nasl)
root 30622 30592 0 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/cifs445.nasl)
root 30624 30592 0 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/account_jack.nasl)
root 30625 30592 0 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/http_login.nasl)
root 30626 30592 0 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/DDI_Directory_Scanner.nasl)
root 30627 30592 0 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/cisco_http_admin_access.nasl)
root 30628 30592 0 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/blackmoon_ftp_users_enum.nasl)
root 30629 30592 0 15:30 ? 00:00:00 nessusd: testing hitchcock.fhcrc.org (/opt/vdops/lib/nessus/plugins/doc_browsable.nasl)
root 30636 30500 0 15:31 pts/3 00:00:00 grep nessus
-i ran nessusd under strace (strace -o foo -ff /etc/init.d/nessusd start)
and then looked at some of the files created ... here's the tail end of
output from the process associated with the cifs445 plug-in
(/opt/vdops/lib/nessus/plugins/cifs445.nasl):
[...]
open("/opt/vdops/lib/nessus/plugins/.desc/cifs445.desc", O_RDONLY) = 7
fstat64(7, {st_mode=S_IFREG|0644, st_size=5516, ...}) = 0
mmap2(NULL, 5516, PROT_READ, MAP_SHARED, 7, 0) = 0x4048a000
munmap(0x4048a000, 5516) = 0
close(7) = 0
send(4, "\0\0\2\0", 4, 0) = 4
send(4, "=\0\0\0", 4, 0) = 4
send(4, "1 SentData/11011/INFO=An SMB ser"..., 61, 0) = 61
recv(4, "\2\0\1\0", 4, 0) = 4
send(4, "\0\0\4\0", 4, 0) = 4
send(4, "\202\0\0\0", 4, 0) = 4
send(4, "SERVER <|> INFO <|> hitchcock.fh"..., 130, 0) = 130
recv(4, "\2\0\1\0", 4, 0) = 4
send(4, "\0\0\2\0", 4, 0) = 4
send(4, "\23\0\0\0", 4, 0) = 4
send(4, "3 Success/11011=1;\n", 19, 0) = 19
recv(4,
and here's the tail end of strace output from a process associated with
"ntp_open.nasl":
[...]
open("/opt/vdops/lib/nessus/plugins/.desc/dcetest.desc", O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=5516, ...}) = 0
mmap2(NULL, 5516, PROT_READ, MAP_SHARED, 6, 0) = 0x40019000
munmap(0x40019000, 5516) = 0
close(6) = 0
open("/opt/vdops/var/nessus/services.tcp", O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=568920, ...}) = 0
mmap2(NULL, 568920, PROT_READ, MAP_SHARED, 6, 0) = 0x403ff000
send(4, "\0\0\2\0", 4, 0) = 4
send(4, "N\1\0\0", 4, 0) = 4
send(4, "1 SentData/10736/INFO=\\nDistribu"..., 334, 0) = 334
recv(4,
from keeping a "tail -f foo.whatever" going on a couple of these files ...
they don't seem to progress past that last "recv(4," state. does this
information suggest a cause for this 'hanging' i'm seeing?
--sk
stuart kendrick
fhcrc
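
Added example, not part of the original post and not Nessus code: instead of tailing each file by hand, this Python script scans the per-process files that "strace -o foo -ff" writes and reports which ones end inside a syscall that never returned, along with the last payload sent on that descriptor. The sample traces and the file names foo.1001 and foo.1002 are constructed, modelled on the excerpts above.

```python
import re

# Constructed sample input: tails of two per-process files in the foo.<pid> form
# that "strace -o foo -ff" writes. Content is modelled on the post; names are made up.
SAMPLE = {
    "foo.1001": r'''close(7) = 0
send(4, "\0\0\2\0", 4, 0) = 4
send(4, "\23\0\0\0", 4, 0) = 4
send(4, "3 Success/11011=1;\n", 19, 0) = 19
recv(4, ''',
    "foo.1002": r'''open("/etc/hosts", O_RDONLY) = 3
close(3) = 0
exit_group(0) = ?
''',
}

DONE = re.compile(r'^\w+\(.*\)\s+= \S')   # a call that returned: "name(args) = result"
CALL = re.compile(r'^(\w+)\((\d+)?')       # syscall name and, if present, a leading fd
SEND = re.compile(r'^send\((\d+), "(.*?)"(?:\.\.\.)?, \d+, ')

def blocked_call(trace):
    """Return details of the call a trace is stuck in, or None if its last call returned."""
    lines = [l for l in trace.splitlines() if l.strip()]
    if not lines or DONE.match(lines[-1]):
        return None
    m = CALL.match(lines[-1])
    if not m:
        return None
    fd = int(m.group(2)) if m.group(2) else None
    last_sent = None
    for line in reversed(lines[:-1]):      # most recent send() on the same descriptor
        s = SEND.match(line)
        if s and int(s.group(1)) == fd:
            last_sent = s.group(2)
            break
    return {"syscall": m.group(1), "fd": fd, "last_sent": last_sent}

def find_blocked(traces):
    """Map file name -> blocked-call details for every trace that ends mid-syscall."""
    found = {}
    for name, text in traces.items():
        info = blocked_call(text)
        if info:
            found[name] = info
    return found

if __name__ == "__main__":
    for name, info in find_blocked(SAMPLE).items():
        print(f"{name}: blocked in {info['syscall']}(fd={info['fd']}), last sent {info['last_sent']!r}")
```

To run it over real output, build the dictionary from the foo.* files on disk instead of SAMPLE.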