George A. Theall wrote: > On Oct 27, 2008, at 10:13 AM, Rich Whitcroft wrote: > > >> Not sure I'm understanding what this option does. >> > > It causes Nessus to list each host in a report by its MAC address > rather than an IP or hostname. > > >> I scanned a host with >> the command line interface (nessus -q localhost 1241 ...etc) to a NBE >> file, then set use_mac_addr = yes, and re-scanned the same host, but >> the >> output files are identical. >> I expected to see the mac address somewhere >> in the nbe file. >> > > Did Nessus detect the host as up? > > Did you make the change in the server or client configuration file? > [The client configuration file takes precedence.] > > Does the setting appear in the SERVER_PREFS block? Is there only 1 > instance? > > George >
The host was up and I got several vulnerabilities in the nbe file. The use_mac_addr is located in the SERVER_PREFS block of both the .nessusrc and the main config file. $ grep use_mac_addr ~/.nessusrc use_mac_addr = yes $ sudo grep use_mac_addr /opt/nessus/etc/nessus/nessusd.conf use_mac_addr = yes $ echo a.b.c.d >/tmp/scan $ nessus -q localhost 1241 <uname> <pw> /tmp/scan /tmp/scan.out -T nbe The scan finishes and I get results in /tmp/scan.out, but no mac address is present; each 'results' line looks like: $ cut -d\| -f1-3 /tmp/scan.out | head timestamps|| timestamps||a.b.c.d results|a.b.c|a.b.c.d results|a.b.c|a.b.c.d results|a.b.c|a.b.c.d results|a.b.c|a.b.c.d results|a.b.c|a.b.c.d results|a.b.c|a.b.c.d results|a.b.c|a.b.c.d results|a.b.c|a.b.c.d (actual IP removed) _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
