On May 24, 2006, at 6:19 PM, Gentoo-Wally wrote:
Nessus 2.2.8 is included in a product I use. I just realized that it
only contains the GPL plugins, which makes since I guess. So I
registered for the registered feed, got my code, and contacted the
provider about getting access to the box to register the scanner and
change the update method, but they told me I could not register the
scanner because it came with a product and was not directly
downloaded/installed by me from www.nessus.org. That seemed a little
odd, so I asked them if there was some difference between what they
ship and what I would download and they said no. I thought they might
just be giving me the run around, so I looked at the licensing FAQ and
it looks like they are right. Is this correct?
This is correct (see the plugins EULA). The problem is that some
vendors do apply unverified 3rd party patches (ie: Debian's which are
all unapproved) or custom paths, while others will sell an appliance
on which the end-user does not even have administrative access to.
We can not sell a plugin feed and garantee that it will work properly
on such an installation, because in case of a problem (ie: plugins
not working as expected), either the user won't be able to diagnose
it (no access to the appliance) or we will have a hard time
understanding what the issue is until we figure out what the vendor
broke (custom patches).
In most case, it also prevents the end-user from upgrading the
version of Nessus provided with their product if they want to keep
their support contracts with their vendors.
Therefore it's extremely hard for us to sell a feed and garantee that
it will work on such a setup (not to say impossible) as we have to
rely on a vendor (which has had no contact with us prior to reselling
Nessus as part of their offering) to garantee that nessusd works
properly -- hence this clause in the EULA.
Assuming they are
correct, What if I uninstall the nessus they shipped and install one I
download from the web site. Can I register my scanner then?
Yes, because if you do so, then you regain control over the scanner.
However, you should first verify your support contract with your
vendor prior to doing this.
-- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
