Hi!
I’m a relative newbie to Linux but have been given the task to undertake the installation of Nessus on a laptop to use as a machine to test for vulnerabilities on servers.
I’ve installed RedHat 9 (including latest updates) on a Toshiba Satellite Pro 6100 (Pentium 4, 1700MHz CPU) with 512MB RAM, and then installed Nessus 2.2.7 (via the source code, as I couldn’t get the installer to work.)
I’ve created a user for the Nessus client, but I can’t get the Update Plugins to install automatically.
The Nessus web site says, for a manual update to the plugins, you need to register and then follow the instructions in the e-mail you are sent, which tells you to execute the following command:
/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx
I’ve tried this but this gives the output: “bash: /opt/nessus/bin/nessus-fetch: No such file or directory”, as there is nothing in the /opt/ folder!
There are, though, copies of ‘nessus-fetch’ in /usr/local/bin/ & /root/nessus-core/nessu-fetch/
If I try swapping these locations into the command to execute, above, I still get, though:
“could not connect to plugins.nessus.org – Operation now in progress”
And nothing happens.
I can download the “all-2.0.tar.gz” file and extract it though, but don’t know where to put the “*.nasl” files that come from it! (That’s if it’s actually possible to configure the software/updates this way!?
I did then try typing-in:
“/root/nessus-core/nessu-fetch/ --plugins”
And I got the output:
“Could not locally open all-2.0.ta.gz – file exists”!
We run a proxy server, though you don’t have to log-in to get to the Internet. I’ve got the Mozilla browser configured, that comes with RedHat, with the Manual proxy configuration for our proxy server and port (under ‘Edit’ > ‘Preferences’ > ‘Advanced’ > ‘Proxies’) for HTTP, SSL, FTP, Gopher & SOCKS (v.5), and have also configured the ‘Network Proxy’, under ‘Preferences’ (in RedHat), manually with the same settings as in the browser.
I’ve come across the file, “nessus-update-plugins.8”, at: /root/nessus-plugins/docs/ which says, under ‘PROXIES’, “If you are behind a web proxy, then read the manual page of nessus-fetch to configure nessus-fetch with a proper proxy support.”
I’ve found “nessus-fetch.1”, of manual page type, and gone down to the “PROXY SUPPORT” section, where it says,
“If you need to connect to the internet through a proxy, nessus-fetch can be configured to use one. Simply edit the file
nessus-fetch.rc
and add the following lines, changing the appropriate values where necessary:
proxy=192.169.0.1
proxy_port=3128
proxy_username=renaud
Proxy_password=s3cr3t”
Unfortunately I cannot find a “nessus-fetch.rc” file, though I did find a ‘nessus-fetch.c’ file located at:
/root/nessus-core/nessus-fetch/
Though not sure of any definite place within this file that could be edited with the above text!
Help!!! Can anyone advise me how I can get this set-up to update the plugins automatically, or, if not, where I might be able to place the NASL files/plugins/updates I’ve already extracted?
Thanks! I’m in a bit of a rush for this! Need it sorted by the end of the afternoon, if possible!!!!!
Brendan B.
Brendan BUSH - WAO ICT/ Adran TGaCh SAC
Research & Development Officer/ Swyddog Ymchwil a Datblygiad
Deri House, 2-4, Park Grove, CARDIFF, CF10 3PA.
E-mail/E-bost: [EMAIL PROTECTED]
Tel. no./Rhif. ffon.: (029) 2026-2635
Mob. no./Rhif symudol.: 07779 625536
This email and any attached files is private. If you are not the intended recipient please destroy all copies and inform the sender by return e-mail.
This message has been scanned for viruses by BlackSpider MailControl.
For further information on the Wales Audit Office and details of other ways to contact us please visit our website at www.wao.gov.uk.
Mae'r ebost hwn ac unrhyw ffeiliau atodedig yn breifat. Os nad atoch chi y bwriadwyd anfon yr ebost hwn dylech ddinistrio pob copi a hysbysu'r anfonwr drwy anfon ebost yn ôl atynt.
Mae'r neges hon wedi cael ei harchwilio am firysau gan BlackSpider MailControl
I gael gwybodaeth bellach am Swyddfa Archwilio Cymru a manylion am ffyrdd eraill o gysylltu â ni, ewch i'n gwefan.
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
