Renaud, Nicolas,
Never mind, I figured it out. You guys released a bunch of new Fedora Core 6 plugins over the past week. Those plugins call rpm_check (in rpm.inc) with the parameter 'release: FC6'. Unfortunately, you forgot to test for 'release == FC6' in rpm.inc. I added that line, stopped nessusd, rebuilt plugins-code.db, started nessusd, and re-ran the scan. Problem solved. I trust you'll fix rpm.inc soon. Those new fedora plugins were released on Jan 17, which means they hit the registered feed on the 24th (Wed), right? John Scherff ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Scherff Sent: Saturday, January 20, 2007 1:05 PM To: Renaud Deraison; Nicolas Pouvesle Cc: Justin Kwong; Nessus List; Jesse Mauntel Subject: RE: SSH Credentials problem Renaud, Nicolas, The problem persists. Below is a series of tests I performed along with the results. (All tests conducted with Nessus 3.0.5 for ES4. The problem also occurred under Nessus 3.0.4, prior to upgrading). Note the additional (possibly related) problem that plugin 19506 does not report correct plugin information after running nessus-update-plugins unless the .db files are deleted from /opt/nessus/var/nessus. I'm willing to send you more sensitive information and files off-list on your request. ======================================== TEST 1: - Stopped nessusd - Uninstalled Nessus - Saved /opt/nessus/etc/nessus/nessus-fetch.rc - Deleted the /opt/nessus and ~/.nessus directories - Re-installed Nessus (Nessus-3.0.5-es4.i386.rpm) - Restored /opt/nessus/etc/nessus/nessus-fetch.rc - Re-created Nessus users - Ran /opt/nessus/sbin/nessus-update-plugins (no errors) - Started nessusd (no errors) - Performed the scan (same NessusClient, target, configuration) RESULTS 1: - The 'find_service.nes ... could not be found' messages are gone - Target host, a fully-patched RHEL4 system, still shows 12 missing Fedora patches (plugins 24049, 24051, 24052, 24054, 24067, 24077, 24078, 24188, 24189, 24196, 24229, and 24231) - Plugin 19506 ERRONEOUSLY reports 'Plugin feed version : 200701050232' and 'Type of plugin feed : Release', even though plugin_feed_info.inc shows 'PLUGIN_SET = 200701200615' and 'PLUGIN_FEED = Direct' ======================================== TEST 2: - Stopped nessusd - Removed .db files from /opt/nessus/var/nessus - Started nessusd - Performed the scan (same NessusClient, target, configuration) RESULTS 2: - Target host still shows the same 12 missing Fedora patches - Plugin 19506 now CORRECTLY reports 'Plugin feed version : 200701200615' and 'Type of plugin feed : Direct' ======================================== TEST 3: - Installed Nessus on a 'clean' server - Did not register or run nessus-update-plugins - Created nessus users - Started nessusd - Performed the scan (same NessusClient, target, configuration) RESULTS 3: - No errors. Target host shows no missing patches - Plugin 19506 CORRECTLY reports 'Plugin feed version : 200701050232' and 'Type of plugin feed : Release' ======================================== TEST 4: - Stopped nessusd on 'clean' server - Registered Nessus (CE9D-50F1-F4F3-9862-1868) - Running 'nessus-fetch --register' retrieved newest plugin set - Started nessusd - Performed the scan (same NessusClient, target, configuration) RESULTS 4: - No errors. Target host shows no missing patches - Plugin 19506 ERRONEOUSLY still reports 'Plugin feed version : 200701050232' and 'Type of plugin feed : Release', even though plugin_feed_info.inc shows 'PLUGIN_SET = 200701200615' and 'PLUGIN_FEED = Registered (7 days delay)' ======================================== TEST 5: - Stopped nessusd on 'clean' server - Removed .db files from /opt/nessus/var/nessus - Started nessusd - Performed the scan (same NessusClient, target, configuration) RESULTS 5: - No errors. Target host shows no missing patches - Plugin 19506 now CORRECTLY reports 'Plugin feed version : 200701200615' and 'Type of plugin feed : Registered (7 days delay)' ======================================== - John Scherff -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renaud Deraison Sent: Saturday, January 20, 2007 7:34 AM To: Nessus List Subject: Re: SSH Credentials problem On Jan 20, 2007, at 12:06 PM, John Scherff wrote: > Follow-up (see below): I see a large number of "<service> depends > on find_service.nes which could not be found" in the > nessusd.messages log file. I do not see this same error when > scanning from a freshly-installed server. I see it only on the > 'direct-feed' server. It seems like you've done a "rm /opt/nessus/lib/nessus/plugins/*" which you really, really don't want to do. Re-install Nessus to fix this. -- Renaud_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
