Just to be sure, check the nessusd.dump log file. Versions of nessus at release 2.0.x is no longer completely compatible with the current NASL library, and your results may be unpredictable.
The dump file typically is at /usr/local/var/nessus/logs Rgs, Robert -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of kalin mintchev Sent: Monday, June 13, 2005 3:23 PM To: [email protected] Subject: reports hi all... i just successfully installed and run a few audits.. i liked it but... i got a few false security holes so i was wondering why. where is nessus getting its wrong information from?... for example i got a security hole warning for ssh on a freebsd machine. it says that the machine is running OpenSSH older then 3.7.1. it's not. here: # ssh -V OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004 and also i got a security hole for php 4.3 when the machine is running 4.3.10 # php -v PHP 4.3.10 (cli) (built: Feb 10 2005 14:16:46) Copyright (c) 1997-2004 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies is there a way to avoid those false positives? like fine-tuning the scan maybe? the nessus server information is: # nessus -v nessus (Nessus) 2.0.10 for FreeBSD thanks a lot... _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
