On Mar 23, 2006, at 5:13 PM, Datdamwuf Datdamwuf wrote:
I normally don't use Nessus for host based scans but have some SUN
boxes I want to try it on. The boxes are config'd so you can't log
in as root remotely.
If using SSH, what level of access is required to ensure all the
admin level plugins work correctly?
If you're running a regular version of Solaris (ie: NOT Trusted
Solaris), a regular user account will work. If you're indeed running
Trusted Solaris, you'll probably need root credentials :/
Also, during some testing it appears Nessus is flagging missing
patches on services that have been disabled. Is there any way,
other than the port being open, to tell from the report if the
services are actually in use?
No. The reasoning behind that is that the fact that the service is
not running right now does not mean it won't run tomorrow, and if the
service is not used then it costs nothing to patch it (since you
won't break anything). In other words, "better be safe than sorry".
-- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
