On Thu, Dec 22, 2005 at 09:58:10AM +0100, Mara Fernandez wrote:

> In the company where i'm working , we are doing a trail with 
> different VA tools, to decide which of them (or how many of 
> them :) ) we'll go to use in the future to test the system's 
> company.  
>   
> By know, we haven't got a linux server so we are using the  
> knoppix with the version 2.2.4 of nessus. This version isn't  
> updated with the last nasl but.....  

I'd urge you to find a way to use Nessus in its current form. Realize
that one of Nessus's strengths is that plugins are being revised and
added on a daily basis. I don't know when the Knoppix build was put
together, but given that 2.2.4 was released back in March and 2.2.5 in
July, you're probably missing several months worth of new plugins as
well as corrections to existing plugins. And that likely means you're
not seeing our adoption of CVSS scoring for risk assessment or a general
move away from banners when detecting flaws.

Oh, and understand too that Nessus 3 offers significantly better
performance than Nessus 2.2.

> I used previous versions of Nessus in other ocassions, with  
> knoppix too, and i hadn't got any problems with the credentials. 
> If i used a user wih administrative privileges in the scaned 
> system, i got some information like pach installed, registry 
> information, etc.  
>   
> Now i'm trying to do the same but a i don't get the same  
> information :(((( I configure the username and password in the  
> credentials tab but nessus don't make any kind of conection or 
> validation with this credentials in the system (i tested the 
> event viewer of the system and i didn't found it). 
>  
> What can be the problem? 

It's hard to say... What do you see in nessusd.messages and/or
nessusd.dump logfiles? Is this a general problem or only when scanning
specific hosts? Generally it's advisable to update to the latest plugins
when running into trouble like this... Can you burn another CD with the
latest plugins tarball?

> If i don't use any credential, Does nessus a Null session in the 
> system to get the information? I proved that but i did'nt got any 
> kind of information in the event viewer. 

Nessus needs credentials to access the registry remotely.

George
-- 
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Reply via email to