Alejandro dijo:
Dear all,
I have installed nessus 2.2.3 on my Debian Sarge 3.1 machine. I have
2286 plugins installed, so I want to update my plugin list. Then I execute:
(...)
"Unknown error while decoding HTTP response (http error code = 1073933061)"
Yes, this is a known bug which I will try to fix through Debian's
proposed-updates (but it might take a while). For more information see
Bug #310740 [1]. You have to upgrade to 2.2.4 or later. Right now, I
don't have time to produce backported packages for Debian [2] so that
means you have to use the packages from testing/unstable (currently
2.2.7 but I just uploaded 2.2.8 packages which should get in shortly)
There's several ways to run the latest Nessus Debian packages (if you
want to use them) in a Debian stable system:
- Install a testing or unstable chroot to run the nessus server. You can
use 'debootstrap' [3] for this: install a minimal system, install the
Nessus server there and then use the (stable) Nessus client to connect
to it.
For full steps on how to setup a debootstrap refer to section "8.6.35.1
Run a different Debian distribution with chroot"
(http://www.debian.org/doc/manuals/reference/ch-tips.en.html) in the
Debian Reference Guide
- Recompile the Debian packages in testing. You have to add a 'deb-src'
line in /etc/apt/sources.list pointing to 'testing', run 'apt-get source
--build nessusd' to download the latest sources and build them. And then
install the resulting packages.
- "Upgrade" your system with the packages in testing: change the
/etc/apt/sources.list to point to 'testing' (currently codenamed 'etch')
instead of 'stable' (currently codename 'sarge'), and then run 'aptitude
install nessusd'. If you want to run testing fully (instead of a mixed
stable/testing system) first run: 'aptitude dist-upgrade'.
I tend to favor the first two ones, as the last one will leave you with
a system which is half stable-half testing and, consequently, not
supported with security patches from the Debian Security Team. There is
now support for security fixes in Debian's testing (provided by the
Debian Security Testing Team), so for some people that might be an
option now.
Of course, you can also use Tenable's Nessus 3.0.3 packages for Debian
GNU/Linux (http://www.nessus.org/download/), but I guess you know that
already.
Hope this helps,
Javier
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310740
[2] Long time Debian users might remember that I used to do this and
provided them at http://people.debian.org/~jfs/nessus/
[3]
http://manpages.debian.net/cgi-bin/display_man.cgi?id=979b6659f1505e7d44a1e914f4875868&format=html
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
