Hi George
By "events" i mean Log messages written in
*/opt/nessus/var/nessus/logs/nessus.messages
*file. I need to submit a report on all the log messages in this file so i
need to parse them but for that i need to have a knowledge of all the events
(log messages) format.
Please help...
On 11/15/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
wrote:
Send Nessus mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://mail.nessus.org/mailman/listinfo/nessus
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Nessus digest..."
Today's Topics:
1. Re: Inconsistent results for VNC (Michel Arboi)
2. Plugin dependency (Doty, Timothy T.)
3. Nessus 3 Log messages (summy mittal)
4. Nessus 3 Plugin events (summy mittal)
5. Changed IP Address - Null results (Demosthenes Pasadis)
6. Re: Changed IP Address - Null results (Doug Nordwall)
7. Re: Plugin dependency (George A. Theall)
8. Re: Nessus 3 Log messages (George A. Theall)
----------------------------------------------------------------------
Message: 1
Date: Tue, 14 Nov 2006 18:55:44 +0100
From: Michel Arboi <[EMAIL PROTECTED]>
Subject: Re: Inconsistent results for VNC
To: [EMAIL PROTECTED]
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
On Tue Nov 14 2006 at 17:14, Bob Babcock wrote:
> The remote VNC server chose security type #0 (Invalid)
Sorry, there is a bug, I misread the specification of the protocol.
0 = connection refused, even in version 3.3.
I fix the script...
------------------------------
Message: 2
Date: Tue, 14 Nov 2006 16:42:32 -0600
From: "Doty, Timothy T." <[EMAIL PROTECTED]>
Subject: Plugin dependency
To: <[email protected]>
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
I noticed recently that a plugin I had disabled (10395) is still showing
up
in scans. I'm assuming that a plugin that is enabled requires it -- auto
enable dependencies is turned on and silent dependencies is turned off so
if
there is a dependent plugin I would expect this. This situation leads me
to
a question: is there a reasonable way to get a list of what plugins depend
on another?
Tim Doty | Information Technology
Systems Security Analyst | University of Missouri - Rolla
E-Mail: [EMAIL PROTECTED] | 104 Computer Science Bldg.
Fax: (573) 341-4216 | 1870 Miner Circle
Voice: (573) 341-7844 | Rolla, MO 65409-0360
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7266 bytes
Desc: not available
Url :
http://mail.nessus.org/pipermail/nessus/attachments/20061114/41d6c760/smime.bin
------------------------------
Message: 3
Date: Wed, 15 Nov 2006 10:09:49 +0530
From: "summy mittal" <[EMAIL PROTECTED]>
Subject: Nessus 3 Log messages
To: [email protected]
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
I'm using Nessus 3.0.4 server on Linux ES 3. I need the list of all the
possible events generated by the Nessus 3 server.
Can anyone provide me the list of all the possible events generated by
Nessus 3 ??
--
Regards
Mittal, Vinay
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20061114/cb335df7/attachment.htm
------------------------------
Message: 4
Date: Wed, 15 Nov 2006 10:13:22 +0530
From: "summy mittal" <[EMAIL PROTECTED]>
Subject: Nessus 3 Plugin events
To: [email protected]
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
Can anybody help me to generate Plugin related events on Nessus 3. I
changes
the nessusd.conf file parameter *log_whole_attack *to yes still not
getting
the plugin events. It's crucial for my project.
--
Regards
Mittal, Vinay
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20061114/1327f8fe/attachment.htm
------------------------------
Message: 5
Date: Wed, 15 Nov 2006 00:06:23 -0500
From: "Demosthenes Pasadis" <[EMAIL PROTECTED]>
Subject: Changed IP Address - Null results
To: <[email protected]>
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
Everything worked fine until I changed the IP address of the FC6 box.
Now all my scan results come out null.
I use NessusClient 1.0.1. It downloads the plugins fine. I created new
certificates for the server and the users and then rebooted, but that
didn't do it.
Help would be appreciated. Many thanks.
Demosthenes
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20061115/0aaec2fb/attachment.htm
------------------------------
Message: 6
Date: Tue, 14 Nov 2006 21:15:50 -0800
From: "Doug Nordwall" <[EMAIL PROTECTED]>
Subject: Re: Changed IP Address - Null results
To: "Demosthenes Pasadis" <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
take a few of the IPs that are coming up blank and see if you can ping
them
or traceroute to them. check the route. use nmap to see if you can port
scan
them. see if you can connect to a port like ssh from the server. It can
get
packages, which means it can get somewhere, but without knowledge of how
your network is structured, I couldn't say what's blocking it. If your
site
has client based firewalls centrally managed, a change in IP would move
you
out of the whitelist and on to blank scans. if you have a divided network,
you might be able to route out but not into other parts of the net.
there are a lot of reasons why this wouldn't work
On 11/14/06, Demosthenes Pasadis <[EMAIL PROTECTED]> wrote:
>
> Everything worked fine until I changed the IP address of the FC6 box.
> Now all my scan results come out null.
>
>
>
> I use NessusClient 1.0.1. It downloads the plugins fine. I created new
> certificates for the server and the users and then rebooted, but that
didn't
> do it.
>
>
>
> Help would be appreciated. Many thanks.
>
>
>
> Demosthenes
>
>
>
>
>
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>
>
--
Doug Nordwall
Unix, Network, and Security Administrator
Noise proves nothing. Often a hen who has merely laid an egg cackles as if
she laid an asteroid. -- Mark Twain
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mail.nessus.org/pipermail/nessus/attachments/20061115/4e1c3c1f/attachment.htm
------------------------------
Message: 7
Date: Wed, 15 Nov 2006 09:18:36 -0500
From: "George A. Theall" <[EMAIL PROTECTED]>
Subject: Re: Plugin dependency
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Tue, Nov 14, 2006 at 04:42:32PM -0600, Doty, Timothy T. wrote:
> is there a reasonable way to get a list of what plugins depend
> on another?
Noam Rathaus wrote a tool named plugin_depend.pl that was included in
the book "Nessus Network Auditing". If you don't have a copy, you can
probably find one through Google.
Other than that, there's no good way that I know of short of looking at
the source.
George
--
[EMAIL PROTECTED]
------------------------------
Message: 8
Date: Wed, 15 Nov 2006 09:25:37 -0500
From: "George A. Theall" <[EMAIL PROTECTED]>
Subject: Re: Nessus 3 Log messages
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On Wed, Nov 15, 2006 at 10:09:49AM +0530, summy mittal wrote:
> Can anyone provide me the list of all the possible events generated by
> Nessus 3 ??
If by "events" you mean attacks or packets, there is no such list.
You'll need to develop one yourself by studying the plugins, if you're
interested.
George
--
[EMAIL PROTECTED]
------------------------------
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
End of Nessus Digest, Vol 37, Issue 13
**************************************
--
Regards
Mittal, Vinay
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
