Robin Wood wrote: > Hi > I posted this to the pen-testing mailing list but someone suggested > posting to here so I'm giving it a try. > > I've just installed nessus on a new machine and when I try to scan a > target I always get back an empty report message. I've got wireshark > running and no traffic gets sent from the scanner so the standard > answer to this problem of it being a ping issue doesn't help here. > > The machines I've tried scanning are on my local network, all respond > to pings and are are up and not firewalled in any way. I can connect > to the machines via ssh, http and as already said, I can ping them. > I've also tried scanning localhost with no luck. The machine all this > is on has one NIC which is up and is running fine, no special settings > or anything like that. The client can successfully login to the server > and receive the plugin list so that part of the communication is > working successfully. > > I've turned log_whole_attack on but the log file isn't showing anything > unusual: > > [Tue Nov 11 22:21:13 2008][26685] nessusd 2.2.9. started > [Tue Nov 11 22:21:21 2008][26685] connection from 127.0.0.1 > [Tue Nov 11 22:21:21 2008][26692] Client requested protocol version 12. > [Tue Nov 11 22:21:21 2008][26692] successful login of robin from 127.0.0.1 > > I had this problem with another machine ages ago and (I think) it > turned out to be a kernel module that I was missing. I've tried > googling to find the fix that I found last time but I can't find it. > > Both the client and server are running on an Archlinux distro and are > installed from the Arch package. >
Hi Robin, I'm not that familiar with Archlinux and have not looked at their Nessus build. You could try building Nessus 2 from scratch by downloading directly from nessus.org. You should make sure to subscribe to the Nessus Home feed or Professional feed to make sure you have the latest vulnerability checks. There is always a possibility that whoever packaged Nessus didn't QA their build, include any plugins (redistributing Tenable plugins is not permitted) or left Nessus in a poorly configured state. If it is a kernel/driver issue, I'd try to sniff from a machine other than your Archlinux box just to make sure packets aren't on the wire and your NIC is missing them or something like that. You should also try scanning 127.0.0.1 to see if anything comes back. Your log also has no record of a scan starting which seems very odd. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
