Hi List
How can scan windows XP sp2 with firewall enable setting..
Thanks
Nagendra
On 4/10/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]
> wrote:
Send Nessus mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://mail.nessus.org/mailman/listinfo/nessus
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Nessus digest..."
Today's Topics:
1. Re: Nessus 3 OS X - login credentials?? (Kelly M)
2. nessus-mkcert and client (mudyo26 CryptoMail User )
3. RE: Nessus 3 OS X - login credentials?? (Dan Bowman)
4. Can not scan out side of the server (Norm)
5. Re: nessus-mkcert and client (George A. Theall)
6. PLUGIN BUG REPORT (?) (John Scherff)
7. os_send(4) failed -- Broken pipe (mudyo26 CryptoMail User )
8. Re: os_send(4) failed -- Broken pipe (Renaud Deraison)
----------------------------------------------------------------------
Message: 1
Date: Sun, 9 Apr 2006 15:29:52 -0400
From: "Kelly M" <[EMAIL PROTECTED]>
Subject: Re: Nessus 3 OS X - login credentials??
To: "Nessus List" < [email protected]>
Message-ID:
<[EMAIL PROTECTED] >
Content-Type: text/plain; charset=ISO-8859-1
On 4/9/06, Renaud Deraison <[EMAIL PROTECTED]> wrote:
> When Nessus gets installed on OSX, credentials are created under /
> Library/Nessus/Connections.xml. By default, only users in the admin
> group can read this file - if you're launching the Nessus Client as a
> non-admin, you may do 'chmod 0644 /Library/Nessus/Connections.xml'.
Thanks Renaud that's exactly what I was looking for. :)
> You can also create a user by doing /Library/Nessus/run/nessus-
> adduser from the terminal.
> (graphical user management is next on our list of things to do).
After Dan's reply (but before I saw yours), I used the
Spotlight-enhanced 'mdfind' command (much faster than a standard Unix
'find'), I found the familiar tool nessus-adduser was placed in:
/Library/Nessus/i386/sbin/nessus-adduser, along with the other tools
like nessus-rmuser and such. For PowerPC users it's
/Library/Nessus/ppc/sbin/*. However I like how /Library/Nessus/run/ is
setup to one of these directories automatically for ease-of-use.
Neither are normally in my $PATH.
Someone should update the installation manual to include OS X specifics. :)
Thanks guys,
Kelly
------------------------------
Message: 2
Date: Sun Apr 09 20:06:00 EDT 2006
From: "mudyo26 CryptoMail User " < [EMAIL PROTECTED]>
Subject: nessus-mkcert and client
To: [email protected]
Message-ID: < [EMAIL PROTECTED]>
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
If nessus server and client are on the same host , do we need to run
nessus-mkcert ? and nessus-mkcert-client ?( Nessus version 3.0.2)
In case nessus-mkcert-client has to be run , to which directory are the output files copied?
What are the steps to do that.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
CryptoMail provides free end-to-end message encryption.
http://www.cryptomail.org/ Ensure your right to privacy.
Traditional email messages are not secure. They are sent as
clear-text and thus are readable by anyone with the motivation
to acquire a copy.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
------------------------------
Message: 3
Date: Sun, 9 Apr 2006 21:13:25 -0400
From: "Dan Bowman" < [EMAIL PROTECTED]>
Subject: RE: Nessus 3 OS X - login credentials??
To: "'Nessus List'" <[email protected] >
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
Noted, will do.
-----Original Message-----
From: [EMAIL PROTECTED]
Sent: Sunday, April 09, 2006 15:30
To: Nessus List
Subject: Re: Nessus 3 OS X - login credentials??
Someone should update the installation manual to include OS X specifics. :)
------------------------------
Message: 4
Date: Sun, 09 Apr 2006 19:58:26 -0700
From: Norm < [EMAIL PROTECTED]>
Subject: Can not scan out side of the server
To: [email protected]
Message-ID: <[EMAIL PROTECTED] >
Content-Type: text/plain; charset="us-ascii"
I have Nessus 3 setup but it can only scan within the server nessus is
set up on. I can scan using either localhost or 127.0.0.1 as the
target, but I do not receive a result if I scan using the nat supplied
number nor can I scan my nat using my ISP supplied address.I also do not
seem to be able to scan any other address beyond my nat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.nessus.org/pipermail/nessus/attachments/20060409/8f1938b6/attachment.html
------------------------------
Message: 5
Date: Mon, 10 Apr 2006 09:47:17 -0400
From: "George A. Theall" <[EMAIL PROTECTED]>
Subject: Re: nessus-mkcert and client
To: [email protected]
Message-ID: <[EMAIL PROTECTED] >
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Mon, Apr 10, 2006 at 12:07:35AM +0000, mudyo26 CryptoMail User wrote:
> If nessus server and client are on the same host , do we need to run
> nessus-mkcert ? and nessus-mkcert-client ?( Nessus version 3.0.2)
Use nessus-mkcert if you want to encrypt communications between the
client and server using SSL / TLS1. This is how Nessus expects to
operate by default. If you're not concerned about this (eg, because your
client and server are on the same machine), you could set "ssl_version =
NONE" in nessusd.conf as well as in your client config(s) to have
traffic unencrypted. This setting affects the server in general, so if
you anticipate needing to use a remote client, this would not be a good
idea.
nessus-mkcert-client is needed only if you want to authenticate Nessus
users with a certificate rather than a password.
> In case nessus-mkcert-client has to be run , to which directory are the output files copied?
> What are the steps to do that.
The client key / cert, key_${user}.pem and cert_${user}.pem
respectively, are left in a scratch directory, which will be reported
when you run nessus-mkcert-client. They will need to be copied manually
somewhere that the client can access. Personally, I use
~${user}/.nessus, but anywhere will work.
George
--
[EMAIL PROTECTED]
------------------------------
Message: 6
Date: Mon, 10 Apr 2006 07:19:11 -0700
From: "John Scherff" < [EMAIL PROTECTED]>
Subject: PLUGIN BUG REPORT (?)
To: <[email protected]>
Cc: Bill Bezemek < [EMAIL PROTECTED]>
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
After performing authenticated scans against three newly-built, newly
patched RHEL4 x86_64 servers, Nessus erroneously reports 6 missing
patches. The Nessus IDs and associated Red Hat Security Advisories for
these missing patches are:
21134 - RHSA-2006-0264
20104 - RHSA-2005-808
18095 - RHSA-2005-366
17183 - RHSA-2005-092
19989 - RHSA-2005-092
18444 - RHSA-2005-420
We ran up2date -fu moments before the scan. We re-booted into the new
kernel and verified the new kernel was running before the scan was
conducted. The output from uname -a just prior to the scan was:
Linux <hostname>.24hourfit.com 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:56:28
EST 2006 x86_64 x86_64 x86_64 GNU/Linux
- John Scherff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.nessus.org/pipermail/nessus/attachments/20060410/693da6d3/attachment.htm
------------------------------
Message: 7
Date: Mon Apr 10 10:11:46 GMT-05:00 2006
From: "mudyo26 CryptoMail User " <[EMAIL PROTECTED] >
Subject: os_send(4) failed -- Broken pipe
To: [email protected], [EMAIL PROTECTED]
Message-ID: < [EMAIL PROTECTED]>
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
I am getting the message in nessusd.dump file -
[32212] os_send(4) failed -- Broken pipe
[32215] os_send(4) failed -- Broken pipe
[32223] os_send(4) failed -- Broken pipe
After this nessusd daemon gets killed on its own.
nessus version 3.0.2 , OS - FC4
The scans do run for couple of hours and this happens. I am scanning
couple of Class C's but for a limited port range.
Any ideas?
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
CryptoMail provides free end-to-end message encryption.
http://www.cryptomail.org/ Ensure your right to privacy.
Traditional email messages are not secure. They are sent as
clear-text and thus are readable by anyone with the motivation
to acquire a copy.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
------------------------------
Message: 8
Date: Mon, 10 Apr 2006 11:19:11 -0400
From: Renaud Deraison <[EMAIL PROTECTED]>
Subject: Re: os_send(4) failed -- Broken pipe
To: mudyo26 CryptoMail User <[EMAIL PROTECTED] >, Nessus List
<[email protected]>
Message-ID: <[EMAIL PROTECTED] >
Content-Type: text/plain; charset=US-ASCII; format=flowed
On Apr 10, 2006, at 10:11 AM, mudyo26 CryptoMail User wrote:
>
>
> I am getting the message in nessusd.dump file -
>
> [32212] os_send(4) failed -- Broken pipe
> [32215] os_send(4) failed -- Broken pipe
> [32223] os_send(4) failed -- Broken pipe
>
> After this nessusd daemon gets killed on its own.
>
> nessus version 3.0.2 , OS - FC4
>
> The scans do run for couple of hours and this happens. I am scanning
> couple of Class C's but for a limited port range.
Could you send me the output of 'nessus-bug-report-generator' ?
Thanks,
-- Renaud
------------------------------
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
End of Nessus Digest, Vol 30, Issue 9
*************************************
--
Thanks & Regards
Nagendra Pratap
9818047234
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
