Hello everyone,
I'd like to do several announcements today : 1. Change in policy in the Nessus Plugin Feed 2. Nessus 2.2.1 has been released 3. NessusWX workaround 4. Nessus.org got a facelift 1. Change in policy in the Nessus Plugin Feed --------------------------------------------- We have decided to change the way the new plugins are being released and published. Today, whenever a user types 'nessus-update-plugins', he receives all the newest plugins from http://www.nessus.org/nasl/all-2.0.tar.gz. Basically, several changes are occuring : - The first one, is that the current feed will only contain GPL plugins (ie: currently about 2,000 plugins). This means that the current command "nessus-update-plugins" will continue to work properly, but you will get less plugins than what you can get today, as (as many of you have noticed), plugins released by my company (Tenable) are *not* released under the GPL - When downloading Nessus 2.2.1 (and newer), you now have the opportunity to "register". ie: submit your email address and you will receive an "activation code", which will entitle you to receive a full plugin feed (GPL + Tenable). We do not intend to contact you thru this email address, except to send you an activation code and to inform you if you generate too much traffic (believe it or not, there are people out there downloading all the Nessus plugins _EVERY MINUTE_). To use the activation code, you'll need to upgrade to Nessus 2.2.1 and use the new 'nessus-fetch' command line utility. - Users now have the opportunity to buy access to a "Direct Plugin Feed". What this really means is that the free feed will actually be delayed by seven days for non-GPL plugins. If you are one of these companies who need to be 100% up-to-date, such a subscription will be of some interest to you. More information at : http://www.tenablesecurity.com/products/direct.shtml So there are three ways to update plugins now : - a GPL feed containing the plugins submitted by the community ; - a Registered feed containing the latest plugins submitted by the community, and the plugins written by Tenable delayed by 7 days ; - a commercial Direct Feed which contains all the newest and greatest plugins ; 2. Nessus 2.2.1 has been released --------------------------------- I am very happy with the whole Nessus 2.2.x serie - there has been no showstopper so far, apart from minor bugs. Nessus 2.2.1 contains the following fixes and improvements : - We now turned on TCP buffering for every TCP sockets, which should reduce the number of system calls and lower the load on a given host. That allowed us to spot a minor bug in the buffering code that we fixed as well ; - We added a new utility called "nessus-fetch" which is intended to be a replacement for wget/lynx/curl/whatever was used by nessus-update-plugins. - Michel wrote a new TCP port scanner which replaces nmap_tcp_connect.nes, which not only performs a port scan but also grabs banners on the fly, which in turn makes find_service.nes much faster. - We fixed two bugs: - bug#1065: nessusd would do an endless stream of gethostbyname() when testing a non-existant host name - bug#1076: The nessus scripts would not work under bash 3.0 3. NessusWX work around ----------------------- Nicolas Pouvesle attempted to fix a bug in NessusWX which prevents it to work with Nessus 2.2.0. We've (re-)released NessusWX-1.4.4-NP which is an unoffocial version which now works. If you tried it yesterday, try the new binary we uploaded this morning. 4. Nessus.org got a facelift ---------------------------- The Nessus website has been re-done ! The new website is hopefully cleaner and clearer. If you encounter dead links, typos or any other problem, please let me know ! Thanks, -- Renaud _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
