Plugin 34460

2008-11-19 Thread Patrice ARNAL




Hello,
I scanned an LDAP server and got :

Port commplex-main (5000/tcp)
Obsolete Web Server Detection
  
Synopsis :
  
The remote web server is obsolete.
  
Description :
  
According to its version, the remote web server is obsolete and no
longer maintained by its vendor or provider.
  
A lack of support implies that no new security patches are being
released for it.
  
Solution :
  
Upgrade to a newer version or switch to another server.
  
Risk factor :
  
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
  
Plugin output :
Netscape-Enterprise/6.0 support ended.
Upgrade to Sun Java System Web Server 6.1 or 7.0.
  
See also : http://www.sun.com/software/products/web_srvr/lifecycle.xml
  
  
  
Nessus ID : 34460
  -- 

BUT a check on SUN site says :

Version | Name | Status | Last Order Date | End-of-Service Life Date | Comments
7.0 | Java System Web Server | Shipping | TBD | TBD | Update 1 most current release
6.1 | Java System Web Server | Shipping | TBD | TBD | Service Pack 8 most current release.
6.0 | Sun ONE Web Server | End-of-Service Life - Limited Support | March 2005 | June 2010 | Service Pack 11 is most current release. Product licenses are no longer available.
4.1 | iPlanet Web Server | End-of-Service Life - No Support | June 2002 | March 2004 | Service Pack 14 is last release. Product licenses and support are no longer available.
4.0 | iPlanet Web Server/Netscape Enterprise Server | End-of-Service Life - No Support | October 2001 | December 2002 | Product and support no longer available.
3.6 | Netscape Enterprise Server | End-of-Service Life - No Support | | | Product and support no longer available.


IMHO, this version is supported till JUNE 2010, hence this seems to be
a false positive

Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL
Alcatel-Lucent



___
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Batch scans : .nessusrc vs .nessus configurations

2008-09-26 Thread Patrice ARNAL
Hello
I am currently using key-exchange authentication between the Nessus client
and the Nessus server.

When using a .nessusrc configuration file for batch scans, I can put the
login/cert/key information in it and log on without a password,
even if the command line remains:
/opt/nessus/bin/nessus -q -c My_Laptop.nessusrc localhost 1241 secadm password targets results.nbe

But how can I achieve the same with a .nessus file?
/opt/nessus/bin/nessus -q --dot-nessus My_Laptop.nessus --policy-name batch_policy localhost 1241 secadm password
ends in "login failed".
When I run NessusClient My_Laptop.nessus, I can connect without a password.

I fear that the login information is kept in a global file outside of the
My_Laptop.nessus file...
-- 
Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL
Alcatel-Lucent



Nessus and Skype on Linux platforms

2008-08-13 Thread Patrice ARNAL
Hello,
According to my own experience and to
https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/115970

 This has been confirmed with one reporter to be caused by nessus which
 installs its own copy of Qt4.

The nessus installation on Ubuntu breaks the QT4 library and
prevents skype from running...

Is there a reason to package QT4 with Nessus?

P Arnal


Nessus Client 3.2

2008-06-10 Thread Patrice ARNAL

Hello everybody,

I found the FILTER button very useful on the new client interface..

But ( in cauda venenum ) should it be possible to save the filter request.
For instance, a current request is to check the information about this 
scan plugin output.


Thanks

--
Cordialement / Mit freundlichen Grüßen / Best regards, 


Patrice ARNAL
Alcatel-Lucent


Plugin 31422

2008-04-02 Thread Patrice ARNAL

Hello,

I need some explanations on the way this plugin works.
The code associated seems to be more OS identification related than 
reverse nat / proxy / traffic shaper related.


I first noticed this plugin when scanning a real reverse proxy in our 
infrastructure,

but now it seems to be fired on almost each scan I do.

Before asking some explanations to our network team, I need to know how 
this plugin works, almost in its methods.


Thank you very much.

--
Cordialement / Mit freundlichen Grüßen / Best regards, 


Patrice ARNAL
Alcatel-Lucent


Incomplete plugin list

2008-02-26 Thread Patrice Arnal
Hello

Using Nessus-Client 3.0.1 and nessusd 3.1.9 on a Suse 10 box, I tried to 
check the latest Microsoft bulletins.
When I open/expand the Microsoft Bulletins in the client's interface, 
I did not find the
Vulnerability in Microsoft Office Could Allow Remote Code Execution 
(947108)
in the list.

If I click on the find button, it is listed and checked. ( plugin id 
31047)

But when I click on show all button, and expand the Microsoft 
Bulletins tag, no plugin is checked.

My impression is that it is only a client issue, perhaps a strange
string in some plugin title that prevents further display...



-- 
Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent




Re: Nessus XML Output

2008-01-04 Thread Patrice Arnal
Happy new year everybody!

I am very interested in your XML parser.
Where can I get it?

Thanks

Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent




John Gray a écrit :
 Speaking of the Nessus XML Output, over the weekend I wrote an app to 
 parse the xml file, and give a list of the alerts, list the text of the 
 selected alert below, and pull downs for hosts, ids, and types.  The 
 pull downs are for filtering.  Just check off anything on any of the 3 pull 
 downs, and all the records pertaining to that item will be filtered out 
 of the list (check off as many things as you like).

 It's written in C#/.NET.  I wrote it under Windows, but I'm fairly sure 
 it would move to Mono without much trouble.

 I'm happy to make the app and its source freely available (as long as 
 doing so doesn't break anything I agreed to in the licensing agreement 
 with Nessus).

 It's a little crude yet.  It has a button for opening up the xml, but I 
 haven't associated a good image with it yet, so it has some meaningless 
 default image.  And it just deals with the alerts.  It throws any 
 general records.  But I find it very very handy.  

 It's really good for taking a big list, throwing out Notes.  Getting rid 
 of any instance of alert id X (cause I know it's bogus).  etc.  And 
 getting me down to a list of issues I really need to address.

 While I'm happy to make it freely available, it's unlikely that I'll make 
 any enhancements to it beyond my own needs (time is really really tight 
 these days).

 John


Re: Where is the user and password info stored?

2007-12-18 Thread Patrice Arnal
1- The information is stored in /opt/nessus/var/nessus/users/name_of_user
2- what do you mean about plain text ?
 The CLI uses, with the -c option, a .nessusrc file that can be 
generated by NessusClient.
 If there is no -c option, it creates or uses the .nessusrc file, 
where you can check the options/plugins used.
 All these files are plain text.

Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL
Alcatel-Lucent

[EMAIL PROTECTED] a écrit :
  I installed nessus on Ubuntu and then added users (nessus-adduser).

  Where is this information stored?

  I'm using the command line interface and am concerned about how it
  uses plain text:

  nessus -V -q 127.0.0.1 1241 user plaintextpassword targetsfile outputfile


Sun Solaris patches

2007-12-06 Thread Patrice Arnal
Hello

Running Nessus against Solaris boxes with local security checks enabled  
leads to poorly exploitable results.

I don't blame Nessus about this, but the naming scheme of Sun does not 
allow to know whether the missing
patches are recent ones : normally unpatched or old ones showing up a 
problem in update process.

  The remote host is missing Sun Security Patch number 126868-01 (SunOS
  5.10: SunFreeware bzip2 patch).

  You should install this patch for your system to be up-to-date.

  *Solution :*
  http://sunsolve.sun.com/search/document.do?assetkey=1-21-126868-01-1
  *Risk factor :* High

  *Plugin output :* Missing patch : 126868-01 (No previous revision of
  this patch has been installed)

  List of affected packages : - SUNWbzip, version :
  11.10.0,REV=2005.01.08.05.16


  Nessus ID : 27074
  http://www.nessus.org/plugins/index.php?view=single&id=27074

If I go to the Sunsolve site, I get :

  *Document Audience:* PUBLIC
  *Document ID:* 126868-01
  *Title:* SunOS 5.10: SunFreeware bzip2 patch
  *Copyright Notice:* Copyright © 2007 Sun Microsystems, Inc. All Rights Reserved
  *Update Date:* Mon Oct 15 09:33:10 MDT 2007


So I can see this is a rather recent patch.

If the DATE of either the Sun Update or of the plugin creation appears 
in the report, it can help a lot.

Thanks

-- 
Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL
Alcatel-Lucent



SSH login with keys

2007-12-04 Thread Patrice Arnal
Hello

When using ssh credentials (keys/no passwd), I have the following problem :
1- Nessus3 server and Nessus3 client on the same machine: Works fine
2- Nessus3 server and Nessus3 client on different machines (Client on Windows) server on Linux : can't log
3- Nessus3 client on windows / Nessus2 server on Solaris can't log
4- NessusWX client on Windows / nessus2 server on Solaris : Works OK
5- NessusWX client / Nessus3 on Linux : test to be done

Well seems like Nessus3 client doesn't push correctly the keys to the 
server.

Is this a known issue?

Thanks

-- 
Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent



Re: managing scan reports

2007-10-23 Thread Patrice Arnal
My own experience is
1- to open the nbe file in a spreadsheet ( Excel / OpenOffice Calc...) :
text file / field separator |,
2 -do the sorting/ extracting... in the spreadsheet.
3- save the nbe file and import it into any nessus client to get a nice
html report.

Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL
Alcatel-Lucent



NessusClient3B5 - Scanning from a list

2007-10-16 Thread Patrice Arnal

Hello,

On Windows XP, I  tried to scan from a file.
This file was created from an Excel sheet saved as txt.
Apparently, it was saved in Unicode and this format is not recognized by 
NessusClient

See attached file.

Unless this file is opened in a hex editor, there is no evidence :
notepad and wordpad show them as pure text.

--
Cordialement / Mit freundlichen Grüßen / Best regards, 


Patrice ARNAL
Alcatel-Lucent

ÿþ155.132.27.134,155.132.27.140,155.132.27.141,155.132.27.142,155.132.27.143,155.132.27.147,155.132.27.148,155.132.27.152
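
Added example (not part of the original post): a Python check that a targets file exported from a spreadsheet carries a byte-order mark, such as the `ÿþ` (bytes FF FE) visible at the start of the attachment above, and that rewrites it as a plain ASCII comma-separated list. The sample bytes and documentation-range addresses are constructed; accepting only IPs, CIDR blocks and host names is an assumption of this example.

```python
import codecs
import ipaddress
import re

# Longest marks first: the UTF-32 LE BOM starts with the UTF-16 LE BOM (FF FE).
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32"),
    (codecs.BOM_UTF32_BE, "utf-32"),
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16"),
    (codecs.BOM_UTF16_BE, "utf-16"),
]
HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")

# Constructed sample: a target list saved as "Unicode text" (UTF-16 LE with BOM).
SAMPLE_UTF16 = codecs.BOM_UTF16_LE + (
    "192.0.2.10,192.0.2.11\r\n198.51.100.7\r\n".encode("utf-16-le")
)


def decode_targets(raw):
    """Return (text, encoding) for the raw bytes of a targets file."""
    for bom, encoding in BOMS:
        if raw.startswith(bom):
            # These codecs consume the BOM, so it never reaches the target list.
            return raw.decode(encoding), encoding
    if b"\x00" in raw:
        # UTF-16 written without a BOM: ASCII characters still carry a NUL byte.
        encoding = "utf-16-le" if raw[1:2] == b"\x00" else "utf-16-be"
        return raw.decode(encoding), encoding
    # Anything else must be plain ASCII; other bytes raise UnicodeDecodeError
    # so the operator sees the problem before a scan is started.
    return raw.decode("ascii"), "ascii"


def normalize_targets(raw):
    """Return (detected encoding, clean ASCII target list, rejected entries)."""
    text, encoding = decode_targets(raw)
    targets, rejected = [], []
    for item in re.split(r"[,;\s]+", text.strip()):
        if not item:
            continue
        try:
            ipaddress.ip_network(item, strict=False)  # single IP or CIDR block
            targets.append(item)
        except ValueError:
            if HOSTNAME.fullmatch(item):
                targets.append(item)
            else:
                rejected.append(item)
    return encoding, ",".join(targets).encode("ascii"), rejected


if __name__ == "__main__":
    enc, clean, bad = normalize_targets(SAMPLE_UTF16)
    print("detected:", enc)
    print("clean list:", clean.decode("ascii"))
    print("rejected:", bad)
```

Anything other than `ascii` in the first return value means the file should be re-saved or replaced by the cleaned list before it is handed to the client.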

NessusClient3B5 Nice_to_have feature

2007-10-16 Thread Patrice Arnal
Hello

As well on Linux and Windows, the file-save / file-open dialogs both 
start from the nessus
default directory. Could it open by default the latest directory used?

-- 
Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent



Nessus3B5 export nbe

2007-10-11 Thread Patrice Arnal
Hello
Running Nessus3B5 on windows XP, server 3.0.6 for Linux, the nbe export 
lacks scan timestamps :
 timestamps|||scan_start||
 timestamps|||scan_end||
 timestamps||.yy.zz.alcatel.com|host_start|Thu Oct 11 16:06:54 2007|


-- 
Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent
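
Added example (not part of the original posts, and not Tenable's code): a small Python parser for the pipe-delimited .nbe layout quoted in this archive. It does the sort/extract step from "Re: managing scan reports" without a spreadsheet and flags the empty scan_start/scan_end timestamps reported above. The sample lines and example.com host names are constructed, and the field order is assumed from the excerpts on this page.

```python
from collections import namedtuple

Result = namedtuple("Result", "subnet host port plugin_id severity text raw")
Stamp = namedtuple("Stamp", "host event when raw")
Other = namedtuple("Other", "raw")

# Constructed sample. Inside an .nbe record a line break is the two characters
# backslash + n, so raw strings are used to keep them literal.
SAMPLE_NBE = "\n".join([
    r"timestamps|||scan_start||",
    r"timestamps||host1.example.com|host_start|Thu Oct 11 16:06:54 2007|",
    r"results|example.com|host1.example.com|ssh (22/tcp)",
    r"results|example.com|host1.example.com|general/tcp|19506|Security Note|Information about this scan : \n\nNessus version : 3.0.5\n",
    r"results|example.com|host1.example.com|general/tcp|11936|Security Note|Remote operating system : Microsoft Windows Server 2003\nMethod : SinFP\n",
    r"results|example.com|host2.example.com|general/tcp|27074|Security Hole|Missing patch : 126868-01 | see vendor note\n",
    r"timestamps||host1.example.com|host_end|Thu Oct 11 16:21:39 2007|",
    r"timestamps|||scan_end||",
]) + "\n"


def parse_nbe(text):
    """Parse .nbe text into records, keeping file order and the raw line."""
    records = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        kind, _, rest = raw.partition("|")
        if kind == "results":
            # subnet|host|port[|plugin_id|severity|text]; the text field may
            # itself contain '|', so split at most five times.
            fields = rest.split("|", 5)
            fields += [""] * (6 - len(fields))
            records.append(Result(*fields, raw=raw))
        elif kind == "timestamps":
            # <empty>|host|event|date|
            fields = rest.split("|")
            fields += [""] * (4 - len(fields))
            records.append(Stamp(fields[1], fields[2], fields[3], raw))
        else:
            records.append(Other(raw))
    return records


def drop_findings(records, plugins=(), severities=()):
    """Remove findings by plugin id or severity; keep everything else."""
    plugins = {str(p) for p in plugins}
    return [r for r in records
            if not (isinstance(r, Result)
                    and (r.plugin_id in plugins or r.severity in severities))]


def empty_timestamps(records):
    """List (host, event) pairs whose date field is blank."""
    return [(r.host or "<scan>", r.event) for r in records
            if isinstance(r, Stamp) and not r.when.strip()]


def to_nbe(records):
    """Serialise records back to .nbe text for import into a client."""
    return "".join(r.raw + "\n" for r in records)


if __name__ == "__main__":
    recs = parse_nbe(SAMPLE_NBE)
    print("blank timestamps:", empty_timestamps(recs))
    print(to_nbe(drop_findings(recs, plugins=[19506], severities=["Security Note"])), end="")
```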



NessusClient v3.0.0 Beta5

2007-10-05 Thread Patrice Arnal
Hello

I just started playing with the Beta 5 version.
SSL login to servers works fine, although the ssl settings dialog insists 
on providing a Path to CA
and does not accept an empty answer. (which was accepted by NessusClient1)

By the way, this field does not seem very useful, because I put a 
non-existent file name in the
dialog box and nobody complained about it

-- 
Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent



Re: Trouble getting Nessus to launch

2007-09-22 Thread Patrice Arnal
Use /opt/nessus/sbin/nessusd -D to launch the server
Install NessusClient to get a GUI ( choose your flavor : version 1 or 
Version 3 beta )
Use /opt/nessus/bin/nessus to have a command-line run ( I use this 
rather in crontab and unattended scans)

Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent


Wayne Kidd a écrit :
 Morning,

 I am new to this list and Nessus and need some advice.

 I had an earlier version of Nessus (2.2.9-1.fc6.i386) and wanted to 
 install the latest version 3.0.6-fc6.i3896.  I used yum to install the 
 old version and was able to successfully install the 3.0.6 version.

 My question is how do I launch Nessus?  I am running Fedora Core 6 and 
 admit to being new to Linux/Fedora.

 I was able to register Nessus, and update the plug-ins using the 
 terminal.  I added a new user by drilling down thru the Filesystem to 
 the /opt/nessus/sbin folder and using the  commands  in that folder.

 For the life of me I cannot get the app to launch.

 Thanks in advance for any help/advice.

 Wayne
 



Plugin 25203 Enumerate IPv4 interfaces via SSH

2007-09-20 Thread Patrice Arnal
Here is the plugin output on a Solaris 10 (sparc)

 The following IPv4 addresses are set on the remote host :
 - 127.0.0.1 (on interface lo0)
 - 127.0.0.1 (on interface lo0)
 - 135.120.0.13 (on interface lo0)
 - 135.120.0.16 (on interface lo0)
and here is the ifconfig output on the same box :
 lo0: flags=2001000849UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL mtu 
 8232 index 1
 inet 127.0.0.1 netmask ff00
 lo0:1: flags=2001000849UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL 
 mtu 8232 index 1
 zone frmrszad03p
 inet 127.0.0.1 netmask ff00
 e1000g0: flags=1000843UP,BROADCAST,RUNNING,MULTICAST,IPv4 mtu 1500 
 index 2
 inet 135.120.0.13 netmask f800 broadcast 135.120.7.255
 ether 0:14:4f:6a:ea:f4
 e1000g0:1: flags=1000843UP,BROADCAST,RUNNING,MULTICAST,IPv4 mtu 1500 
 index 2
 zone frmrszad03p
 inet 135.120.0.16 netmask  broadcast 135.120.255.255
I can see the 2 lo0 interfaces for 127.0.0.1, but the 2 other IPs should 
be on e1000g0


-- 
Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent



Solaris missing patches

2007-09-20 Thread Patrice Arnal
On a freshly installed Solaris10- release 4,
Nessus plugin 24954 complains about missing patch :
 Missing patch : 125100-10 (No previous revision of this patch has been 
 installed)
but the system admin told me that this patch is included in the release.

Is this caused by the fact that this release is fairly new
and that my registered feed did not get the right plugins release?

Here is the uname -a output : SunOS frctfscc04p 5.10 Generic_120011-14 
sun4u sparc SUNW,SPARC-Enterprise

-- 
Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent




Re: Question about nessus-update on windows

2007-09-16 Thread Patrice Arnal
Nicolas Pouvesle a écrit :
 On Sep 14, 2007, at 2:11 PM, Patrice Arnal wrote:

   
 On Sep 14, 2007, at 12:09 PM, Patrice Arnal wrote:


   
 Hello

 I ran updatecmd.exe on my Win XP box / Nessus 3.06.1 buildW321   
 and got :


 
  Installed 11284 of 15457 plugins smbshell.nbin[3364.3364]
 This is not a Nessus plugin

   
 version problem ?

 
 No. smbshell.nbin is not a standard plugin and is not part of the   
 plugin feed.

   
 Well, in this case from where does it come?
 I use the registered plugin-feed
 


 I suppose you downloaded it from http://cgi.tenablesecurity.com/tenable/smbshell.php
 and copied it in your Nessus plugin directory.


 Nicolas

   
No, I just launched updatecmd.exe.
I don't know to which site it's connecting, but I got the authentication 
pop-up from my proxy.
This shows that the config is OK and that I get back plugins from Tenable.
Hence my question about the version.
On the download site, there is no sub-version indication : just 3.0.6 
for Windows

Here is the full output of this morning's update :

 D:\tools\Tenable\Nessusupdatecmd.exe
 Looking for new plugins...
 New plugins found, downloading...
 Downloaded 6,35 Mo of 6,35 Mo
 Installation is in progress, please wait...
 Plugin installation is in progress, please wait...
 Installed 11299 of 15477 plugins smbshell.nbin[1100.1100]This 
 is not a Nessus plugin
 Installed 15323 of 15477 plugins
 Plugin update completed.

 D:\tools\Tenable\Nessus



Question about nessus-update on windows

2007-09-14 Thread Patrice Arnal
Hello

I ran updatecmd.exe on my Win XP box / Nessus 3.06.1 buildW321 and got :

  Installed 11284 of 15457 plugins smbshell.nbin[3364.3364]
This is not a Nessus plugin

version problem ?

-- 
Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL


Re: Question about nessus-update on windows

2007-09-14 Thread Patrice Arnal

 On Sep 14, 2007, at 12:09 PM, Patrice Arnal wrote:

   
 Hello

 I ran updatecmd.exe on my Win XP box / Nessus 3.06.1 buildW321  
 and got :

 
  Installed 11284 of 15457 plugins smbshell.nbin[3364.3364]
 This is not a Nessus plugin
   
 version problem ?
 


 No. smbshell.nbin is not a standard plugin and is not part of the  
 plugin feed.
   

Well, in this case from where does it come?
I use the registered plugin-feed

 Nicolas


Re: nessus3 annoyances/wish list

2007-09-11 Thread Patrice Arnal
I don't want to start a troll, but I fully disagree with this...
NessusWX is a real mess, apart for its DB integration, which is only 
partial for our goals.

I used NessusClient1 on windows and linux because it allows easy  build 
of .nessusrc files for command-line scans
and provides the same output report as the command-line nessus. 
So I was able to use either one-shot scans from GUI and routine scans 
from crontab / command-line and get a consistent reporting for both.
As I have no Mac in my environment I can't tell anything about its GUI

Nessus3 Client provides a more consistent environment across different 
platforms, and last but not least, is much more
efficient than the other GUI.

It lacks the .nessusrc generation feature, but its scan policy feature 
is great
It also allows the simultaneous use of different sessions, which was not 
working well in any previous GUI I used and
this feature is really useful in regard of the number of servers I have 
to check.
The export/import feature allows a good integration with previously 
generated reports
The real-time follow-up of the scan is great ( that was a good feature 
in NessusWX ) .

The only drawback I noticed is its lack of debugging tools/error 
messages...
And the inability to log on scanner with certificates exchange, but this 
is a planned feature.
By the way, is it possible to use our company generated certificates 
instead of the Nessus provided certificates?

Great job.

Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL
Alcatel-Lucent



Mercer, Jeff C - Raleigh, NC a écrit :
  I've never found a truly good Nessus client, not even from Tenable.
  :(

  NessusWX is the best I've been able to find but it's largely
  orphaned. Tenable should have invested time on re-working it instead
  of continually re-writing clients from scratch. I'm assuming Tenable
  didn't feel like using 3rd party open source software. Which is
  sad...

  Anyways, the new Nessus Client 3 beta is a good start but it's
  missing a lot of critical pieces. I think some of these are just not
  done yet:

  o Import of configurations AND session results
  o Export of same
  o Support for ALL legacy Nessus data formats (.nsr, .enx, .nbe)
  o Database back-end connectivity, so results can be stored in a
    database
  o Multiple result sets per session configuration
  o Clearer progress indicators for connecting to Nessus servers,
    downloading plugins, uploading configs, scanning, etc.
  o Better error messages about problems connecting to a Nessus server
  o Credential testing option for quickly testing configured credentials
  o Better credential management in general. I should be able to input
    multiple sets of different credentials into one database, password
    protected, and then simply link a particular credential set (or
    sets) to a scan configuration
  o Reporting! Yeah yeah, Tenable wants everyone to buy Security Center.
    Which is absurd if all you want is a few reports for scans. There's
    a HUGE difference between running a full-blown SIM and just wanting
    to report on some scans
  o Wizards for performing certain types of scans. I don't just mean
    pre-configured sessions, i'm talking full wizards that step the
    ignorant through selecting hosts, credentials, etc.
  o Management of nessus servers plugin library (i.e. updating plugins,
    specifying plugin channel, checking last plugin update done, etc
    etc)

  I really could go on. Basically, Nessus has grown-up a lot from where
  it started but it still lacks MANY features found in Enterprise
  scanning solutions from ISS/IBM, Harris, BindView, etc... And
  frankly, most of this is due to the simplified clients.


  - *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of* Michael T Cyr
  *Sent:* Friday, September 07, 2007 12:20 PM
  *To:* nessus
  *Subject:* nessus3 annoyances/wish list


  I'm sure this has been answered before, but an inability to find it
  brought me here.

  Ubuntu 7.4 Nessusd 3.0.6 NessusClient 3.0.0 Beta2 and Beta3


  When I upgraded from client 2 to 3, i found that my progress bar(s)
  are gone.  I loved the fact that client 2 gave you the progress of
  port scans and vulnerability scans with each client.  Now all I can
  see is that a scan is either on, or done.  Not very much help!  Are
  there any plans to put progress bars/status back in? Is there an easy
  way to count plugins?  i found no command line switch in nessusd,
  nothing in client 3 will tell you how many plugins are installed or
  even used in a policy.  Nessusd 2 (i believe it was 2) would load
  plugins x/#.  I like the progress bar of loading plugins from command
  line now better, but the only way I can figure to count plugins is
  out of the Nessus software.   Is there a way of counting install
  plugins other than manually in a browser?

  Thanks Mike

Re: nessus3 annoyances/wish list

2007-09-10 Thread Patrice Arnal
Hello Ron,

About progress bars, the connecting phase of the client to the server is 
a bit too quiet
In the previous version, you knew when the connection was done and when 
plugins were downloaded.

Also, I did not have the opportunity to test it, but a few months ago, 
the server's certificate expired...
The ONLY client that gave me a useful hint "Invalid certificate" was the 
Linux NessusClient 1
All the others ( windows NessusClient, NessusWx ... ) gave me either 
"protocol error" or "connection refused"

Paying attention to error messages is essential...

Thanks

Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL
Alcatel-Lucent



VMware ESX host scan

2007-08-23 Thread Patrice Arnal
Hello

I have to check a VMware-ESX host.
This is a Red Hat based distro:
  cat /etc/redhat-release
 Red Hat Enterprise Linux ES release 3 (Taroon)
My issue is that I can log on this server via ssh from the scanner's 
host, but the nessusd
itself seems unable to log on it.

The /var/log/messages on the target tells :
 Protocol major versions differ for a.b.c.d: SSH-2.0-OpenSSH_3.6.1p2 vs. SSH-9.9-NessusSSH_1.0
a.b.c.d is the IP address of the nessusd host.

Apparently, the VMware host does check the ssh client and does not allow 
2 different clients
from the same host.

Did someone know about this?
Is this RedHat specific or is it added by the VMware ESX ?

-- 
Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent



Re: force slackware plugins

2007-08-09 Thread Patrice Arnal
You got it !
The plugin relies on this file to launch the check

I got the same issue on a Debian.
I guess that this is because, on Linux systems, the uname command 
returns only the kernel version, not the distro version

Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL


Serkan Özkan a écrit :
 There is no /etc/slackware-version file on the system, such
 information has been removed from the system by the administrator but
 i know it is slackware 10.0.

 What I want to do is telling nessus that this is a slackware, run
 slackware local checks even if you can not detect any version etc
 information.

 Thanks

 On 8/8/07, Mehul [EMAIL PROTECTED] wrote:
   
 What version of Slackware are you running?. What is  the output for command

 cat /etc/slackware-version

 -Mehul

 


Re: Netstat scanner does not seem to work on windows systems

2007-08-08 Thread Patrice Arnal
The netstat scanner really ran on some windows machines on which Winsshd 
was installed !

By looking into the plugin code, I found that it depends on SSH and issues :
ssh_cmd(socket:sock, cmd:"cmd /c netstat -an")

The reason why it did not run on wintel is that I removed the SSH 
credential from my configuration.

Sorry for the false alert.


Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL
Alcatel-Lucent


Re: Netstat scanner does not seem to work on windows systems

2007-08-03 Thread Patrice Arnal
It worked 2 months ago against windows :

 results|sxb.bsf.alcatel.fr|frillsdmzg4.sxb.bsf.alcatel.fr|general/tcp|11936|Security Note|\nRemote operating system : Microsoft Windows Server 2003 Service Pack 1\nMicrosoft Windows Server 2003 Service Pack 2\nConfidence Level : 59\nMethod : SinFP\n\n \nThe remote host is running one of these operating systems : \nMicrosoft Windows Server 2003 Service Pack 1\nMicrosoft Windows Server 2003 Service Pack 2\n
 results|sxb.bsf.alcatel.fr|frillsdmzg4.sxb.bsf.alcatel.fr|general/tcp|19506|Security Note|Information about this scan : \n\nNessus version : 3.0.5\nPlugin feed version : 200706190315\nType of plugin feed : Registered (7 days delay)\nScanner IP : 155.132.18.22\nPort scanner(s) : netstat \nPort range : 0-65535\nThorough tests : no\nExperimental tests : no\nParanoia level : 1\nReport Verbosity : 1\nSafe checks : yes\nOptimize the test : yes\nMax hosts : 1\nMax checks : 4\nScan Start Date : 2007/6/20 16:16\nScan duration : 885 sec\n\n
( excerpt of the nbe report )

Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL
Alcatel-Lucent

Ron Gula a écrit :
 Patrice Arnal wrote:
   
 Hello
 I begin to use intensively credentials to check machines.
 Recently, in order to reduce the network stress / false alerts caused by 
 the network scan,
 I checked out the nessus TCP scanner and checked in the Netstat scanner

 I noticed that the netstat scanner does not appear in the report, and 
 that, apparently,
 only default ports were scanned, as if no scan took place.

 The credentials are OK and the account used has local admin rights on 
 the target :
 I get a correct list for missing patches and the report tells me that 
 it was possible to log on the server

 Client : NessusClient 1 for Debian
 Server : Nessus 3.0.5 on a Suse server
 Target : W2k3

 Apparently, it works well on Solaris targets : netstat shows up in the 
 scanner list, and I did not
 notice any missing ports.

 Any idea of further testings...
 

 The netstat port scanner only runs under UNIX OSes.

 Ron Gula
 Tenable Network Security



Netstat scanner does not seem to work on windows systems

2007-08-02 Thread Patrice Arnal
Hello
I begin to use intensively credentials to check machines.
Recently, in order to reduce the network stress / false alerts caused by 
the network scan,
I checked out the nessus TCP scanner and checked in the Netstat scanner

I noticed that the netstat scanner does not appear in the report, and 
that, apparently,
only default ports were scanned, as if no scan took place.

The credentials are OK and the account used has local admin rights on 
the target :
I get a correct list for missing patches and the report tells me that 
it was possible to log on the server

Client : NessusClient 1 for Debian
Server : Nessus 3.0.5 on a Suse server
Target : W2k3

Apparently, it works well on Solaris targets : netstat shows up in the 
scanner list, and I did not
notice any missing ports.

Any idea of further testings...

Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL




Old NT 4 servers

2007-05-29 Thread Patrice Arnal

Hello
Is there a way to reactivate the check for missing updates for NT4 ?
Eventually by reloading an old version of the plugins?
But which one?

--
Cordialement / Mit freundlichen Grüßen / Best regards, 


Patrice ARNAL




log_whole_attack

2007-05-29 Thread Patrice Arnal

Hello everybody

In NessusClient, I was unable to find the log_whole_attack flag.
As bypass, I manually set it to yes in .:nessus/task/scope/nessusrc and
it worked.
But this is rather dirty.

Thanks

--
Cordialement / Mit freundlichen Grüßen / Best regards,

Patrice ARNAL




Window checks over SSH

2006-12-12 Thread Patrice . Arnal
Hello

I want to check windows patch levels through Nessus.
All our servers ( Windows / Unix ) are running SSH without password ( key 
exchange ).

From the source of the plugins, confirmed by my checks, the Microsoft 
Bulletins family checks the
credentials by opening the IPC$ share, providing login/password to do 
this. 
Obviously if you have only SSH credential, this does not work.

Would it be possible to use ONLY SSH authentication on windows , the same 
way it's done on Linux / unixes

Cordialement / Mit freundlichen Grüßen / Best regards, 

Patrice ARNAL
Alcatel-Lucent


Plugin 22194 interpretation

2006-09-26 Thread Patrice . Arnal
On a newly installed server, fully patched according to the administrator, 
a nessus scan ( 1host/1check/safe checks )
reports that ms06-35 is missing.

From the same scanner, the command 

 /tools/nessus/bin/nasl -t 138.203.216.64 -T /tmp/begelsapp04.ms06-035 
/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl

seems to return no hole.

Did I make a mistake? 

Attached is the result of the nessus scan ( nbe ) and the last lines of 
the nasl command's output

Thank you for the help



Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Alcatel ICT Services
Mailto: [EMAIL PROTECTED] 
_

[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Call 
make_list(1: 0, 2: 0, 3: 0, 4: 0, 5: 0, 6: 0, 7: 0, 8: 0, 9: 0, 10: 0, 11: 0, 
12: 0, 13: 0, 14: 0, 15: 0, 16: 0, 17: 0, 18: 0, 19: 0, 20: 0, 21: 0, 22: 0, 
23: 0, 24: 0, 25: 0, 26: 0, 27: 0, 28: 0, 29: 0, 30: 0, 31: 0, 32: 0, 33: 0, 
34: 0, 35: 0, 36: ...)
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Return 
make_list:  (DYN_ARRAY (64))
[29208]() NASL [002a83a0] - (VAR2_ARRAY)
NASL:0339 global_var ...
NASL:0341 _zero=raw_string(...);
NASL:0341 raw_string(...)
[29208]() NASL [002b0410] - 0
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Call 
raw_string(1: 0)
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Return 
raw_string: 
[29208]() NASL [002a83c8] - 
NASL:0342 _one=raw_string(...);
NASL:0342 raw_string(...)
[29208]() NASL [002b0410] - 1
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Call 
raw_string(1: 1)
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Return 
raw_string: 
[29208]() NASL [002a8418] - 
NASL:0351 _inb=make_list(...);
NASL:0351 make_list(...)
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Call 
make_list(1: 0, 2: 0, 3: 0, 4: 0, 5: 0, 6: 0, 7: 0, 8: 0, 9: 0, 10: 0, 11: 0, 
12: 0, 13: 0, 14: 0, 15: 0, 16: 0, 17: 0, 18: 0, 19: 0, 20: 0, 21: 0, 22: 0, 
23: 0, 24: 0, 25: 0, 26: 0, 27: 0, 28: 0, 29: 0, 30: 0, 31: 0, 32: 0, 33: 0, 
34: 0, 35: 0, 36: ...)
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Return 
make_list:  (DYN_ARRAY (64))
[29208]() NASL [002a8440] - (VAR2_ARRAY)
NASL:0434 global_var ...
NASL:0024 global_var ...
NASL:0060 global_var ...
NASL:0123 os=get_kb_item(...);
NASL:0123 get_kb_item(...)
[29208]() NASL [002bb0e8] - Host/OS/smb
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Call 
get_kb_item(1: Host/OS/smb)
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Return 
get_kb_item: NULL
[29208]() NASL [002bc5a0] - undef
NASL:0126 if (Windows ! os) { ... }
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL [002bc5a0] - 
undef
NASL:0124 exit(...)
[29208]() NASL [002bb0e8] - 0
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Call exit(1: 
0)
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Return exit: 0

Re: Plugin 22194 / 22034 interpretation

2006-09-26 Thread Patrice . Arnal
Sorry for the wrong copy-paste.
On the server I scanned; both plugins told that the server is vulnerable. 
ms06-035 AND ms06-040 

__
Vulnerability   microsoft-ds (445/tcp) 
Synopsis :

Arbitrary code can be executed on the remote host due to a flaw in the
'server' service.

Description :

The remote host is vulnerable to a buffer overrun in the 'Server' service
which may allow an attacker to execute arbitrary code on the remote host
with the 'System' privileges.

Solution :

Microsoft has released a set of patches for Windows 2000, XP and 2003 :

http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx

Risk factor :

Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
CVE : CVE-2006-3439
BID : 19409
Nessus ID : 22194

__
Vulnerability   microsoft-ds (445/tcp) 
Synopsis :

Arbitrary code can be executed on the remote host due to a flaw in the
'server' service.

Description :

The remote host is vulnerable to heap overflow in the 'Server' service 
which
may allow an attacker to execute arbitrary code on the remote host with
the 'System' privileges.

In addition to this, the remote host is also vulnerable to an information
disclosure vulnerability in SMB which may allow an attacker to obtain
portions of the memory of the remote host.


Solution :

Microsoft has released a set of patches for Windows 2000, XP and 2003 :

http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx

Risk factor :

Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
CVE : CVE-2006-1314, CVE-2006-1315
BID : 18891, 18863
Nessus ID : 22034
__

And I ran both plugins through nasl : Both ended with not vulnerable 
diagnostic.
I suppose that it's due to the fact that the OS is not recognized when the 
plugin is launched in standalone :

..
[15071]() NASL [002bc6b8] - Host/OS/smb
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL Call 
get_kb_item(1: Host/OS/smb)
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL Return 
get_kb_item: NULL
[15071]() NASL [002bdac0] - undef
NASL:0159 if (Windows ! os) { ... } 

[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL 
[002bdac0] - undef
NASL:0157 exit(...)
[15071]() NASL [002bc6b8] - 0
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL Call 
exit(1: 0)
[15071](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL Return 
exit: 0

Is there a way to force the plugin to check the vuln anyway.
I have to do this because it seems that it is a false positive, and I want 
to check ( and eventually show to the admins ) 
the data exchanged between nessus and the server.


Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Mailto: [EMAIL PROTECTED] 
_

Nasl interpretation plugin 22034

2006-09-26 Thread Patrice . Arnal
Having done the modification proposed by Renaud, I launched :

/tools/nessus/bin/nasl -t 138.203.216.64 -T /tmp/begelsapp04.ms06-035 
/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl

and here is the end of the output file :
.
NASL:0181 security_hole(...)
[29965](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL 
[002bdd70] - 445
[29965]() NASL [002bebe0] - 445
[29965](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL Call 
security_hole(1: 445)
[29965](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL Return 
security_hole: FAKE
NASL:0184 NetUseDel(...)
..

What is the meaning of the line Return security_hole: FAKE  ? Vulnerable 
or not ?


Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Alcatel ICT Services
1rte Dr A.Schweitzer - 67408 - ILLKIRCH - FRANCE 
Phone : +33 (0) 3 90 67 74 22 / 2187 74 22 
Fax : +33 (0) 3 90 67 72 07 
Mobile: +33 (0) 6 06 07 67 68 08
Mailto: [EMAIL PROTECTED] 
_
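The traces quoted in this message and in the two "Plugin 22194" messages above differ in one respect that is easy to miss in the raw output: in the standalone run get_kb_item(Host/OS/smb) returns NULL and the plugin calls exit(0), while the later run reaches the security_hole(445) call. The following Python script is an added example (not part of the original messages and not Nessus code) that rejoins the mail-wrapped trace lines and extracts those events; its function names and verdict labels are its own, and the "exited after a missing KB item" verdict is a heuristic.

```python
import re

# A trace record starts with "[pid](" or "NASL:<source line> "; any other
# line is the tail of a record that the mail client wrapped.
RECORD_START = re.compile(r"^(\[\d+\]\(|NASL:\d{4} )")
SOURCE = re.compile(r"^NASL:(\d{4}) ")
PLUGIN = re.compile(r"^\[\d+\]\(([^)]+)\)")
CALL = re.compile(r"NASL Call (\w+)\((.*)\)$")
RETURN = re.compile(r"NASL Return (\w+): ?(.*)$")
REPORTING = {"security_hole", "security_warning", "security_note"}

# Both excerpts are copied from the traces posted in the thread, wrapped as posted.
STANDALONE_TRACE = """\
NASL:0123 os=get_kb_item(...);
NASL:0123 get_kb_item(...)
[29208]() NASL [002bb0e8] - Host/OS/smb
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Call
get_kb_item(1: Host/OS/smb)
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Return
get_kb_item: NULL
[29208]() NASL [002bc5a0] - undef
NASL:0126 if (Windows ! os) { ... }
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL [002bc5a0] -
undef
NASL:0124 exit(...)
[29208]() NASL [002bb0e8] - 0
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Call exit(1:
0)
[29208](/tools/nessus/lib/nessus/plugins/smb_kb921883.nasl) NASL Return exit: 0
"""
MODIFIED_TRACE = """\
NASL:0181 security_hole(...)
[29965](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL
[002bdd70] - 445
[29965]() NASL [002bebe0] - 445
[29965](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL Call
security_hole(1: 445)
[29965](/tools/nessus/lib/nessus/plugins/smb_kb917159.nasl) NASL Return
security_hole: FAKE
NASL:0184 NetUseDel(...)
..
"""


def unwrap(text):
    """Rejoin wrapped lines so that each list item is one trace record."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"."}:  # blank lines and ".." elision marks
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def first_arg(args):
    """First positional argument of a traced call: '1: 445' -> '445'."""
    m = re.match(r"1: (.*?)(?:, 2: .*)?$", args)
    return m.group(1) if m else args


def analyze(text):
    """Extract KB lookups, reporting calls and exit() from a nasl -T trace."""
    result = {"plugin": None, "kb_lookups": [], "reports": [], "exit": None}
    src_line, pending_key = None, None
    for rec in unwrap(text):
        m = SOURCE.match(rec)
        if m:  # "NASL:0123 ..." names the plugin source line being executed
            src_line = int(m.group(1))
            continue
        m = PLUGIN.match(rec)
        if m and result["plugin"] is None:
            result["plugin"] = m.group(1)
        m = CALL.search(rec)
        if m:
            name, arg = m.group(1), first_arg(m.group(2))
            if name == "get_kb_item":
                pending_key = arg
            elif name in REPORTING:
                result["reports"].append((name, arg, src_line))
            elif name == "exit":
                result["exit"] = {"code": arg, "line": src_line}
            continue
        m = RETURN.search(rec)
        if m and m.group(1) == "get_kb_item" and pending_key is not None:
            result["kb_lookups"].append((pending_key, m.group(2), src_line))
            pending_key = None
    missing = [key for key, value, _ in result["kb_lookups"] if value == "NULL"]
    result["missing_kb"] = missing
    if result["reports"]:
        result["verdict"] = "reported"  # plugin reached its reporting call
    elif result["exit"] and missing:
        result["verdict"] = "exited-after-missing-kb"  # heuristic, see lead-in
    else:
        result["verdict"] = "inconclusive"
    return result


if __name__ == "__main__":
    for label, trace in (("standalone", STANDALONE_TRACE), ("modified", MODIFIED_TRACE)):
        r = analyze(trace)
        print(label, r["plugin"], r["verdict"], r["missing_kb"], r["reports"], r["exit"])
```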

Re: Plugin update error

2006-09-20 Thread Patrice . Arnal
Try /opt/nessus/sbin/nessus-update-plugins -v
or /opt/nessus/sbin/nessus-update-plugins -vv

In the first case ( -v ) you get the list of downloaded plugins
In the second case, this is like  sh -x : you get all the actions of 
the update : connection to the server, download
( redirect the output in a file it can be VERY verbose)
Very useful to check what is really going on.

Anyway, if you run nessus-update-plugins several times in a row, the 
second run detects that the plugins are already up-to-date
and quit almost immediately.

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Mailto: [EMAIL PROTECTED] 
_



Yasantha Uggallage [EMAIL PROTECTED] 
20/09/2006 09:44

To
Patrice ARNAL/FR/[EMAIL PROTECTED]
cc

Subject
Re: Plugin update error






Dear Patrice,
 
Thank you very much for the reply. But I don't have any all-2.0.sig file 
anywhere on my server. Sometimes when I run the nessus-update-plugins 
command it just comes to the prompt without giving any output. I don't 
know whether it's updating or not. 
 
plugin_feed_info.inc
PLUGIN_SET = 200609190015;
PLUGIN_FEED = Registered (7 days delay);

[EMAIL PROTECTED] tmp]# /opt/nessus/sbin/nessus-update-plugins
[EMAIL PROTECTED] tmp]# /opt/nessus/sbin/nessus-update-plugins
[EMAIL PROTECTED] tmp]# /opt/nessus/sbin/nessus-update-plugins
[EMAIL PROTECTED] tmp]# /opt/nessus/sbin/nessus-update-plugins
Thank you.
- Original Message - 
From: [EMAIL PROTECTED] 
To: [EMAIL PROTECTED] 
Cc: nessus@list.nessus.org ; [EMAIL PROTECTED] 
Sent: Tuesday, September 19, 2006 7:13 PM
Subject: Re: Plugin update error

Check in your /tmp or ~/tmp directory : maybe it remains an old 
all-2.0.sig . You just have to delete it.

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Mailto: [EMAIL PROTECTED] 
_



Yasantha [EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
19/09/2006 11:14
Please respond to
[EMAIL PROTECTED]


To
nessus@list.nessus.org
cc

Subject
Plugin update error






Dear All,

I installed Nessus latest version on a CentOS server. But it does not
allow me to do the update even after registering properly. It gives the
error all-2.0.sig is not the valid signature for all-2.0.tar.gz
Aborting. Pls help.

Thank you,

Yasantha

[EMAIL PROTECTED] tmp]# /opt/nessus/bin/nessus-fetch --register ---
-
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
all-2.0.sig is not the valid signature for all-2.0.tar.gz
Aborting
An error occured while fetching the plugins. Your Nessus installation
may not be up-to-date.


[EMAIL PROTECTED] tmp]# /opt/nessus/sbin/nessus-update-plugins
all-2.0.sig is not the valid signature for all-2.0.tar.gz
Aborting



Plugin 22318

2006-09-19 Thread Patrice . Arnal
Hello
It seems that the category of this plugin is misspelled : Detection 
instead of detection : My NessusClient shows it under its own plugin 
family.
This is not the case on the plugin page of nessus.org

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Mailto: [EMAIL PROTECTED] 
_

Re: Plugin update error

2006-09-19 Thread Patrice . Arnal
Check in your /tmp or ~/tmp directory : maybe it remains an old 
all-2.0.sig . You just have to delete it.

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Mailto: [EMAIL PROTECTED] 
_



Yasantha [EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
19/09/2006 11:14
Please respond to
[EMAIL PROTECTED]


To
nessus@list.nessus.org
cc

Subject
Plugin update error






Dear All,

I installed Nessus latest version on a CentOS server. But it does not
allow me to do the update even after registering properly. It gives the
error all-2.0.sig is not the valid signature for all-2.0.tar.gz
Aborting. Pls help.

Thank you,

Yasantha

[EMAIL PROTECTED] tmp]# /opt/nessus/bin/nessus-fetch --register ---
-
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
all-2.0.sig is not the valid signature for all-2.0.tar.gz
Aborting
An error occured while fetching the plugins. Your Nessus installation
may not be up-to-date.


[EMAIL PROTECTED] tmp]# /opt/nessus/sbin/nessus-update-plugins
all-2.0.sig is not the valid signature for all-2.0.tar.gz
Aborting



RE: Securing nessusd

2006-09-14 Thread Patrice . Arnal
Another way to secure a nessus scanner is to completely disable 
login/password nessus accounts and use only 
key exchanges.
You can achieve this by removing all hash files under the users 
directory

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Mailto: [EMAIL PROTECTED] 
_



Jim Hendrick [EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
14/09/2006 12:44

To
[EMAIL PROTECTED], nessus@list.nessus.org
cc

Subject
RE: Securing nessusd






For your box, look at using iptables. 

Set up a simple rule to allow the hosts/networks you want to connect and
allow the rest to drop through to the (hopefully already existing) deny 
all.

Syntax is pretty straightforward and if you run it from the command line 
it
will not survive reboots so you can undo your changes.

Also look at iptables-save and iptables-restore to preserve your existing
state.

Later,
Jim

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Derwael
 Sent: Thursday, September 14, 2006 4:05 AM
 To: nessus@list.nessus.org
 Subject: Securing nessusd
 
 
 Hi list,
 
 I'm in a process of securing my Nessus scanner.
 Currently, the scanner runs with the default startup options 
 (-D -q), which makes it accessible by anyone. I want it to 
 reject any connection attempt, except from 2 IPs (adding the 
 -a option)
 
 The scanner'IP (on a RedHat box) is x.y.z.218, and I'm 
 running NessusWX on x.y.z.219. When I start the daemon with 
 nessusd -D -q -a x.y.z.218,x.y.z.219, it rejects every 
 connection, including those from x.y.z.218/219.
 
 Does that mean that -a only accepts one single IP, or am I 
 doing something wrong ?
 
 
 -- 
 Web and Co
 Patrick Derwael
 Rue Hubert Larock, 20
 4280 Hannut
 email: [EMAIL PROTECTED]
 http://www.webandco.be
 

Nmap and Nessus

2006-09-13 Thread Patrice . Arnal
Probably a silly question 
I installed Nessus 2.2.8 and then I installed nmap.
Nmap is in the $PATH but does not appear in the scanners choices.
I can't feed nessus with grepable results from nmap : the option does not 
appear in any menu.

Is there a way to make nmap reappear, without re-installing nessus?

Thank you
_
Patrice Arnal
ISS - DataCenter – ES 
Mailto: [EMAIL PROTECTED] 
_

Port scanner

2006-09-13 Thread Patrice . Arnal
Hello

Until now, I was happy and confident in the use of Nessus's TCP scanner.
Today, I had to scan a new machine, behind a FW / router ( I already 
scanned machines in this configuration ) 
The route is open full IP from the scanner to the target during the scan ( 
And as the network admin is 2 desks from mine, I am SURE
it has been done )

Nessus TCP scanner reported 0 open ports
Nmap reported correctly 22 80 443 .. as opened and if I use the grepable 
output of nmap, nessus correctly returned its
findings on the ports.

My question is : What can I do in order to be sure that the nessus TCP 
scanner gives me the right results?
Are there parameters I can play with? 


Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Mailto: [EMAIL PROTECTED] 
_

Certificates renewal

2006-08-24 Thread Patrice . Arnal
I think I missed something obvious, but now I am completely puzzled.

On my scanner, the user secadm was allowed to connect via certificate.
Everything was OK till yesterday : the key / certificates were sent by the 
NessusClient and granted by the server

This morning : SSH error !
Some investigations proved that the client certificate expired this night.

As I did not find the procedure to renew the certificate, I deleted the 
user secadm ( with nessus-rmuser ) and I recreated 
it via nessus-mkcert-client ( answered yes to the registration question )

I copied the new keys/certificates to the right place for NessusClient and 
now I get Login error

The nessusd.message of the server says : 

check_user: Bad DN for user secadm Given DN=/C=FR/ST=Ile de 
France/L=Massy/O=Alcanet/OU=DC_SECURITY/CN=secadm/[EMAIL PROTECTED] 

Last tried DN=/C=FR/ST=Ile de 
France/L=Massy/O=Alcanet/OU=DC_SECURITY/CN=secadm/[EMAIL PROTECTED]

Which is exactly what is in the .../secadm/auth/dname

Nessus Server 2.2.8 on Suse Linux  Nessus Client NessusClientBeta for 
windows

Where is the mistake ?

Thank you for any help

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Alcatel ICT Services
1rte Dr A.Schweitzer - 67408 - ILLKIRCH - FRANCE 
Phone : +33 (0) 3 90 67 74 22 / 2187 74 22 
Fax : +33 (0) 3 90 67 72 07 
Mobile: +33 (0) 6 06 07 67 68 08
Mailto: [EMAIL PROTECTED] 
_

Nessus Update Plugins

2006-08-01 Thread Patrice . Arnal
Hello

I have Nessus 2.2.8 installed on an old Sun Ultra5
When I start nessus, it takes about 10 minutes to read all plugins and be 
ready , but after a nessus-update-plugins, it takes 
40 minutes to restart.

Why such a difference?

[Tue Aug  1 15:01:47 2006][3318] received the TERM signal
[Tue Aug  1 15:11:33 2006][16919] nessusd 2.2.8. started
-  10 minutes to start 

[Tue Aug  1 15:23:23 2006][16919] Caught HUP signal - reconfiguring 
nessusd
[Tue Aug  1 16:03:16 2006][17015] nessusd 2.2.8. started
-  40 minutes to re-start 


Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
_

Nessus certificates renewal

2006-07-13 Thread Patrice . Arnal
Hi

When running nessus against another nessus-server, I get this warning :

Warning nessus (1241/tcp)   The SSL certificate of the remote 
service expired Jul 5 16:51:45 2006 GMT! Nessus ID : 15901

How can I make the SSL renewal?
Do I need to re-create all the clients certificates?

Thank you 


Nessus3.0.3beta for windows

2006-07-12 Thread Patrice . Arnal
Conducting some tests and comparisons between 3.0.3beta for windows and 
nessus3.0.3 for Linux, 
I noticed that the windows version does not seem to have the nessus tcp 
scanner installed ( plugin 10335 does not appear anywhere )

Another point is the driving of nessus daemon from NessusClient or from 
the Tenable NessusGui : some plugins do not appear 
in NessusClient ( I suppose this is caused by protocol problems / cache 
updating between the daemon and the client )



Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Alcatel ICT Services
1rte Dr A.Schweitzer - 67408 - ILLKIRCH - FRANCE 
Phone : +33 (0) 3 90 67 74 22 / 2187 74 22 
Fax : +33 (0) 3 90 67 72 07 
Mobile: +33 (0) 6 06 07 67 68 08
Mailto: [EMAIL PROTECTED] 
_

nessus-update-plugins

2006-07-12 Thread Patrice . Arnal
Hi
I am running Nessus 2.2.8 on a Solaris machine.
Doing nessus-update-plugins by crontab, I get this report :

Your cron job on towong
/usr/local/sbin/nessus-update-plugins

produced the following output:

Warning: missing newline at end of file /usr/local/lib/nessus/plugins/MD5
Warning: missing newline at end of file all-2.0.tar.gz.md5


?

Is this normal? 
By the way, at what time are scheduled your plugins updates?
I will adjust the schedule of mine accordingly.

Thanks

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Alcatel ICT Services
1rte Dr A.Schweitzer - 67408 - ILLKIRCH - FRANCE 
Phone : +33 (0) 3 90 67 74 22 / 2187 74 22 
Fax : +33 (0) 3 90 67 72 07 
Mobile: +33 (0) 6 06 07 67 68 08
Mailto: [EMAIL PROTECTED] 
_

Nessus 3.0.3 (beta) for windows and NessusClient ( for windows too) on the same machine

2006-07-11 Thread Patrice . Arnal
Hello

I am happily running NessusClient 1.2.0.CVS for windows to drive some 
Nessus 2.07-2.08 scanners.
On the same windows XP machine I installed Nessus 3.0.3 for windows, but I 
did not succeed in connecting the 
NessusClient to the nessus daemon ( service launched  / works from the 
Tenable Gui )
What are the credentials exchanged ?
Will it be possible to use certificate authentication?


Thanks

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
_


Re: Which port scanner was used ?

2006-06-27 Thread Patrice . Arnal

[EMAIL PROTECTED] wrote on 26/06/2006
19:42:26:

 On Mon Jun 26 2006 at 17:59, [EMAIL PROTECTED] wrote:
 
  Is it possible to find somewhere in a nessus report (.nbe or
html) the 
  port scanner really used?
 
 scan_info.nasl (ID 19506) gives this information.


Maybe I was unclear : by port-scanner I mean :
- Nessus TCP scanner (plugin 10335)
- Nessus SNMP scanner (plugin 14274)
- Nmap
- input from grepable nmap file
- ...
I don't find this information in the report

Here is the output of the plugin scan_info.nasl :

Information about this scan :

Nessus version : 2.2.6
Plugin feed version : 200605290815
Type of plugin feed : Registered (7 days delay)
Scanner IP : 149.204.245.90
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Max hosts : 2
Max checks : 4
Scan Start Date : 2006/6/22 17:55
Scan duration : 223 sec

Nessus ID : 19506

Thanks


Which port scanner was used ?

2006-06-26 Thread Patrice . Arnal

Hello

Is it possible to find somewhere in
a nessus report (.nbe or html) the port scanner really used?

I ask this because on one of my nessus
scanner, the nessus TCP scanner (10335 ) does not seem to be launched.
And my scan result seems rather incomplete.

Anyway, the nessus tcp scanner does not
issue any output in the report 

Thanks

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
_

Nessus3 for windows

2006-06-22 Thread Patrice . Arnal

Hello

I installed Nessus3 for windows ( beta
) and found it is great for single tests.

I was rather surprised by the interface,
which is really in window's style
I got the same results as with the Linux
version.

BUT I was unable to register/download
plugin through my corporate HTTP proxy
I did not even get the authentication
pop-up.

I perfectly succeeded to register and
update plugins from home ( no HTTP Proxy)

Great job!

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal
ISS - DataCenter – ES 
Alcatel ICT Services
1rte Dr A.Schweitzer - 67408 - ILLKIRCH - FRANCE 
Phone : +33 (0) 3 90 67 74 22 / 2187 74 22 
Fax : +33 (0) 3 90 67 72 07 
Mobile: +33 (0) 6 06 07 67 68 08
Mailto: [EMAIL PROTECTED]

_

Re: What has become of the plugins?

2005-12-06 Thread Patrice . Arnal

Well, 
If I interpret correctly your answer,
the plugins obtained by nessus-update-plugins depend on the nessus version
( 2.2.5 /2.2.6)
Next question : I have a third nessus
scanner with no internet access. So I get all2.tar.gz from my browser.
Which set of plugins will I get?
What happens if I upgrade nessus
on this third machine?

Thanks

[EMAIL PROTECTED] wrote on 05/12/2005
17:34:36:

 
 On Dec 5, 2005, at 10:23, [EMAIL PROTECTED] wrote:
 
 
  Hello
 
  I have 2 nessus machines, both on Debian.
  The first one runs nessus 2.2.5 and when starting nessusd announce

  proudly 9855 plugins.
  The second one runs nessus 2.2.6 and when started  9702 plugins.
 
  I ran nessus-update-plugins this morning on both machines and
I 
  wonder where are the 153 plugins missing
  in nessus 2.2.6 .
 
 Some plugins have been removed (mostly cross-site-scripting in 
 obscure freewares).
 
 
 
-- Renaud

What has become of the plugins?

2005-12-05 Thread Patrice . Arnal

Hello

I have 2 nessus machines, both on Debian.
The first one runs nessus 2.2.5 and
when starting nessusd announce proudly 9855 plugins.
The second one runs nessus 2.2.6 and
when started  9702 plugins.

I ran nessus-update-plugins this morning
on both machines and I wonder where are the 153 plugins missing 
in nessus 2.2.6 .

Thanks in advance

Patrice ARNAL

From manual to automatic

2005-11-01 Thread Patrice . Arnal

Hello

I manually registered my copy of nessus,
as I did not have internet access.

Now I have an internet access. How can
I configure nessus to run nessus-update-plugins?

nessus-fetch -check says I am not registered
nessus-fetch -register xxx-xxx-xxx-xxx
says my copy is already registered.

Maybe I have to re-register ( one more
time ! )

Thanks

Cordialement / Mit freundlichen Grüßen / Best regards, 
_
Patrice Arnal


Re: Port names

2005-10-26 Thread Patrice . Arnal


Thanks for your answers.

I found the file services.txt in /usr/local/var/nessus
( regular text file), along with services.udp  services.tcp.

These two files seem to be binary files.


Did not find anything under /usr/local/etc/nessus
But I found a /etc/nessus/nessus-services file on the Linux ( nessus-installer
)


How can I customize these files in order to add for
instance

special service
 7950/tcp

in order to have this instead of unknown ( 7950/tcp)
in the nessus report ?


Cordialement / Mit freundlichen Grüßen / Best regards,
Patrice Arnal

Port names

2005-10-25 Thread Patrice . Arnal

Hello

I got 2 installs of nessus 2.2.5, one
on a solaris server, one on a Linux server ( Debian)
On the debian one, the opened ports
are correctly named ( ftp, ssh, etc...)
On the Solaris one, most of them are
named as unknown

Which file do I have to check ?

Cordialement / Mit freundlichen Grüßen / Best regards,
Patrice Arnal

The nessusrc SCANNER_SET section

2005-09-15 Thread Patrice . Arnal

What is the meaning of the numbers in
the SCANNER_SET section of nessusrc?

Between two scans I thought identical
( launched from the graphical interface on the nessus server ) I got 

8c8
 10278 = no
---
 10278 = yes

A search in the plugin library gave
me Sendmail 8.6.9 ident for the plugin # 10278 . This does
not seem to be relevant
10180 gave me : Ping the remote
host that sounds more correct.
10331 gave me not found


Hereafter is my full Scanner section
.

begin(SCANNER_SET)
10180 = yes
10278 = yes
10331 = no
10335 = yes
10841 = no
10336 = no
10796 = no
11219 = no
14259 = no
14272 = no
14274 = no
14663 = no
11840 = no
end(SCANNER_SET)

Thank you for the help .

Cordialement / Mit freundlichen Grüßen / Best regards, 
Patrice Arnal
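The numbers in SCANNER_SET are plugin IDs, each mapped to yes or no, which also bears on the "Which port scanner was used ?" question earlier on this page. The following Python script is an added example (not part of the original message and not Nessus code) that parses the section and lists which scanner plugins changed between two nessusrc files; the function names are its own, the second file is constructed to match the diff shown in the message, and plugin names are only those given on this page.

```python
import re

ENTRY = re.compile(r"^(\d+)\s*=\s*(yes|no)$")

# Plugin names as the posters give them on this page; IDs the page does not
# name are left unnamed rather than guessed.
NAMES = {
    "10180": "Ping the remote host",
    "10278": "Sendmail 8.6.9 ident",
    "10335": "Nessus TCP scanner",
    "14274": "Nessus SNMP scanner",
}

# The SCANNER_SET section exactly as posted in the message.
POSTED = """\
begin(SCANNER_SET)
10180 = yes
10278 = yes
10331 = no
10335 = yes
10841 = no
10336 = no
10796 = no
11219 = no
14259 = no
14272 = no
14274 = no
14663 = no
11840 = no
end(SCANNER_SET)
"""

# Constructed: the other nessusrc, differing only in the line the diff shows.
OTHER = POSTED.replace("10278 = yes", "10278 = no")


def parse_section(text, name="SCANNER_SET"):
    """Return {plugin_id: 'yes' | 'no'} for one begin(name)...end(name) block."""
    entries, inside, closed = {}, False, False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == f"begin({name})":
            inside = True
        elif line == f"end({name})" and inside:
            closed = True
            break
        elif inside and line:
            m = ENTRY.match(line)
            if not m:
                raise ValueError(f"line {number}: unexpected entry {line!r}")
            entries[m.group(1)] = m.group(2)
    if not closed:
        raise ValueError(f"no complete {name} section found")
    return entries


def diff_sections(old, new):
    """List (plugin_id, old_value, new_value) for every entry that differs."""
    changes = []
    for pid in sorted(set(old) | set(new), key=int):
        if old.get(pid) != new.get(pid):
            changes.append((pid, old.get(pid), new.get(pid)))
    return changes


def enabled(entries):
    """Plugin IDs set to yes, in numeric order."""
    return sorted((pid for pid, v in entries.items() if v == "yes"), key=int)


def describe(changes):
    """Human-readable lines for a list of changes."""
    lines = []
    for pid, before, after in changes:
        label = NAMES.get(pid, "name not given on this page")
        lines.append(f"{pid} ({label}): {before or 'absent'} -> {after or 'absent'}")
    return lines


if __name__ == "__main__":
    posted, other = parse_section(POSTED), parse_section(OTHER)
    print("enabled in posted file:", enabled(posted))
    for line in describe(diff_sections(other, posted)):
        print(line)
```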

Re: nessus-fetch / proxy problem

2005-08-18 Thread Patrice . Arnal
Hello

Thank you for the answer, but:
1- I am not able to change the authentication method of the whole company.
2- I use wget daily with these credentials and it works perfectly
  with proxy_username=firstname lastname

Have a nice day




   
Hugo van der Kooij [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
17/08/2005 22:12
Please respond to [EMAIL PROTECTED]

To: nessus@list.nessus.org
cc:
Subject: Re: nessus-fetch / proxy problem




On Wed, 17 Aug 2005 [EMAIL PROTECTED] wrote:

> Please note that my login name on the proxy contains a space :

Which is unwise. As it runs you into all kinds of problems as you are
finding out the hard way.

> proxy_username=firstname%20lastname

This is another user. Not you.

> I tried proxy_username='firstname lastname'
> and proxy_username=firstname lastname

Only the last one may stand a chance.

But try to get wget to fetch a file with these credentials before you
start testing with nessus.

Hugo.

--
 I hate duplicates. Just reply to the relevant mailinglist.
 [EMAIL PROTECTED]
http://hvdkooij.xs4all.nl/
 Don't meddle in the affairs of magicians,
 for they are subtle and quick to anger.


nessus-fetch / proxy problem

2005-08-17 Thread Patrice . Arnal
Here is what I get when trying to connect to internet through my proxy.

Thanks for the help.

Please note that my login name on the proxy contains a space :

proxy_username=firstname%20lastname
proxy_password=X

I tried proxy_username='firstname lastname'
and proxy_username=firstname lastname

with the same result 

I use nessus 2.2.5

[EMAIL PROTECTED] nessus-fetch --check
The remote proxy does not support CONNECT statements - HTTP/1.0 407 Proxy
Authentication Required
Date: Wed, 17 Aug 2005 17:32:02 GMT
Content-Length: 257
Content-Type: text/html
Server: NetCache appliance (NetApp/5.5R5D5)
Proxy-Authenticate: Basic realm=l'accès à Internet : Vous êtes invité à
consulter la charte d'utilisation du Système d'Information de votre
société.

<HTML>
<HEAD><TITLE>407 Proxy Authentication Required</TITLE></HEAD>
<BODY>
<H1>Proxy Authentication Required</H1>
<H4>
Unable to complete request:<P>
Access denied due to authentication failure.

</H4>
<HR>
</BODY>
</HTML>

[EMAIL PROTECTED]




CA License vulnerability plugin

2005-03-23 Thread Patrice . Arnal
Hello

I am in trouble with that plugin, as I am trying to check which machines
are really vulnerable.

I launched it against some Unix servers and got 1 vulnerable on port 10203
and one not vulnerable with port 10203 opened.
I checked as indicated by the CA site:
(http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp)

quazar# strings /opt/CA/ca_lic/licrmt | grep BUILD
LICAGENT BUILD INFO = /1.0.18/Jul 24 2003/17:52:23

frillsrm02p#  strings /opt/CA/ca_lic/licrmt | grep BUILD
LICAGENT BUILD INFO = /1.0.18/Jul 24 2003/17:52:23

I then tried a telnet on port 10203, issued A0 GETCONFIG SELF 0 EOM
and got this:

Quazar :

A0 GCR HOSTNAMEQUAZAR
HARDWAREUnknownLOCALEunknown
IDENT1unknownIDENT2unknownIDENT3unknownIDENT4unknown
OSSunOS 5.8OLFFILE0 0 0SERVERRMT
VERSION3 1.53
NETWORK155.132.26.73 sxb.bsf.alcatel.fr 255.255.252.0
MACHINESUN_SUNW.Ultra-5.10_1_*CHECKSUMS0 0 0 0 0 0 0 0 0 0 0 
0RMTV1.00EOM 

Frillsrm02p :

A0 GCR HOSTNAMEFRILLSRM02P
HARDWAREUnknownLOCALEunknown
IDENT1unknownIDENT2unknownIDENT3unknownIDENT4unknown
OSSunOS 5.8OLFFILE0 0 0SERVERRMT
VERSION3 1.53
NETWORK155.132.24.237 sxb.bsf.alcatel.fr255.255.254.0
MACHINESUN_SUNW.Sun-Fire-V440_4_*CHECKSUMS0 0 0 0 0 0 0 0 0 0 0 
0RMTV1.00EOM

A second Nessus test on these two machines said "not vulnerable" for
both, with TCP port 10203 open.

According to CA the /1.0.18/ build should be vulnerable (1.0.15 to 1.4.6),
and given the date of the build, that seems normal.

I think that the Nessus plugin is baffled by the space between 3 1.53

Moreover, the version issued by the A0 GETCONFIG command does not seem to be
related to the LICAGENT version.

Can you help me determine exactly which machines are vulnerable or
not?

I was not able to do the same test on a Windows machine: the telnet did
not answer the request.

Cordialement / Mit freundlichen Grüßen / Best regards,
Patrice Arnal 
ISS - DataCenter  ES 
Alcatel ICT Services 

1rte Dr A.Schweitzer - 67408 - ILLKIRCH - FRANCE 
Phone : +33 (0) 3 90 67 74 22 / 2187 74 22
Fax : +33 (0) 3 90 67 72 07
Mobile: +33 (0) 6 06 07 67 68 08
Mailto: [EMAIL PROTECTED] 
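
The local check described in the message above, as an added example that is not part of the original post or of the Nessus plugin: it parses the `LICAGENT BUILD INFO` line printed by `strings ... | grep BUILD` and compares the build numerically against the 1.0.15 to 1.4.6 range the post quotes from CA. Treating that range as inclusive is an assumption, the function names are hypothetical, and every sample line other than the two shown in the post is constructed.

```python
import re

# Range quoted in the post from CA's notice; treated as inclusive (assumption).
VULN_LOW, VULN_HIGH = (1, 0, 15), (1, 4, 6)

# Shape of the line that `strings licrmt | grep BUILD` prints in the post.
BUILD_RE = re.compile(r"LICAGENT BUILD INFO\s*=\s*/(\d+(?:\.\d+)*)/([^/]*)/")

def parse_build(line):
    """Return ((major, minor, patch), build_date) or None if no build line."""
    m = BUILD_RE.search(line)
    if m is None:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))          # "1.4" compares as 1.4.0
    return tuple(parts[:3]), m.group(2).strip()

def classify(line):
    """'in-range', 'out-of-range', or 'unknown' when no build string is found."""
    parsed = parse_build(line)
    if parsed is None:
        return "unknown"
    version, _date = parsed
    # Tuple comparison is numeric, so 1.0.18 sorts after 1.0.9.
    return "in-range" if VULN_LOW <= version <= VULN_HIGH else "out-of-range"

def triage(host_outputs):
    """Map each host to (verdict, version string or None)."""
    report = {}
    for host, output in host_outputs.items():
        parsed = parse_build(output)
        version = ".".join(map(str, parsed[0])) if parsed else None
        report[host] = (classify(output), version)
    return report

# The first two entries are the outputs shown in the post; the rest are constructed.
SAMPLES = {
    "quazar": "LICAGENT BUILD INFO = /1.0.18/Jul 24 2003/17:52:23",
    "frillsrm02p": "LICAGENT BUILD INFO = /1.0.18/Jul 24 2003/17:52:23",
    "constructed-new": "LICAGENT BUILD INFO = /1.4.7/Jan 01 2005/00:00:00",
    "constructed-old": "LICAGENT BUILD INFO = /1.0.14/Jan 01 2003/00:00:00",
    "constructed-empty": "",
}

if __name__ == "__main__":
    for host, (verdict, version) in triage(SAMPLES).items():
        print(f"{host:18} {version or '-':8} {verdict}")
```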

Performing Local security tests

2004-11-25 Thread Patrice . Arnal
Hello

From the nessus machine, I can log to a RH server :

[EMAIL PROTECTED] ssh -2 -i .ssh/ident_rsa [EMAIL PROTECTED]
Warning: No xauth data; using fake authentication data for X11 forwarding.
/usr/bin/X11/xauth:  timeout in locking authority file 
/tools_1/users/user1/.Xauthority

Welcome on target1
Value of TERM has been set to vt100
.

but, using the same key and account, Nessusd was unable to log on the
same machine and perform the local security tests.

Using the same configuration, Nessusd successfully logged in on another
machine.
The difference is that the login time was rather long on target1 due to
the X11 forwarding time-out.

Is it possible to log in without the X11 forwarding (-x option of ssh)
from Nessusd?
Is it possible to set a long time-out (~20 sec) for the ssh log-in
plugin?


Thanks


Chunked encoding vulnerability

2004-07-08 Thread Patrice . Arnal
Hello

I got a lot of Apache chunked encoding errors on an IIS server.
My tests were run with safe check disabled.

I made a copy of the plugins and added some printings :

  # This was a real web server. Let's try again, with malicious data
  req = string("GET /index.nes HTTP/1.0\r\n",
               "Transfer-Encoding: chunked\r\n\r\n",
               "fff0\r\n",
               crap(42), "\r\n\r\n");
  send(socket:soc, data:req);
  r = http_recv(socket:soc);
  # If there is a send error, then it means the remote host
  # abruptly shut the connection down
  n = send(socket:soc, data:crap(5));
  sleep(1);
  display(n);
  if(n < 0)
   {
   security_hole(port);
 --   display('HOLE\r\n');
   exit(0);

and here are my results :

nasl -t frillsdmz70 test.nasl
[16355] plug_set_key:send(0)['1 Services/www/80/working=1;
'](0 out of 29): Socket operation on non-socket
HTTP/1.0 500 Internal Server Error
Server: Microsoft-IIS
Date: Thu, 08 Jul 2004 10:07:53 GMT
Content-type: text/html

<HEAD><TITLE>500: Server Error [10-0004]</TITLE></HEAD>
<BODY>
<H1>500: Server Error [10-0004]</H1>
<BR>
</BODY>
</HTML>

5-1Success
HOLE

It seems that the value of n issued by the send(socket:soc, data:crap(5)); 
command is 5-1 and not the indication 
of the closing of the port.

Did I mis-interpret my results, or is there a real coding error in the 
plugin?

Patrice ARNAL



Re: remote ms_asn-Plugin?

2004-02-13 Thread Patrice . Arnal

Don't be too much in a hurry : A nessus plugin on the web means an exploit on the web !








Beirne Konarski [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
13/02/2004 15:21


To:[EMAIL PROTECTED]
cc:
Subject:Re: remote ms_asn-Plugin?


On Thursday 12 February 2004 05:24 am, Paul Johnston wrote:
 Hi,

 FYI, I found out that Retina does indeed have a non-destructive,
 no-privs test for the vuln. It uses NTLMv2 on the SMB ports. Not much
 use in my case.

So does this mean that it will be a while before there is a plugin? I don't 
want to be a pest, but knowing will help with our planning.

Beirne


 Take it easy,

 Paul

 Renaud Deraison wrote:
 On Wed, Feb 11, 2004 at 04:52:04PM +0100, Thomas Springer wrote:
 Any chances for one or more plugins that are working remotely by
 trying to exploit the vuln?
 
 John is working on one.

-- 
Beirne Bern Konarski 
[EMAIL PROTECTED] Untouched by Scandal


Apache Chunked Encoding

2003-01-31 Thread Patrice . Arnal
Hello

I got some curious results from apache_chunked_encoding.nasl.
It pointed out most of IIS servers as vulnerable apache server to be
updated

I unchecked the safe-check tag, in order to have the REAL test
proceeded.

Can you tell me if there is a flaw in the nasl code or if the IIS server is
really vulnerable to the chunked encoding flaw?

Thanks for the help

Patrice ARNAL
ALCANET France
Site d'ILLKIRCH
1 Route du Dr Albert SCHWEITZER
67408 ILLKIRCH CEDEX



Nmap and MacOS X

2002-11-26 Thread Patrice . Arnal
Hello

I use Nessus and Nmap for Windows in my day-to-day work.

For the first time I encountered a blocking of nmap, either from Windows
or from Nessus.

The suspected system is a Titanium processor with Mac OS X installed, the
firewall from Mac OS is up.
As the user was a former windower the name resolution is achieved by
wins hence some Netbios ports are open.

The symptoms from nessus:
 from a fresh nessus client (all settings to default), I launched a scan
on this machine: 10 hours later it was still in the nmap.nasl!
I stopped the test and I got a lot of open ports in the report from
nessus.

To make sure, I launched Nmapwin from my station and 3 hours later I killed
it: No answer at all

I am aware that this is rather an nmap issue than a nessus one, but the
nessus users are nmap users too.

Thanks for any help and have a nice day

Patrice ARNAL
ALCANET France
Site d'ILLKIRCH
1 Route du Dr Albert SCHWEITZER
67408 ILLKIRCH CEDEX
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
unsubscribe nessus in the body.



nessus-update-plugins

2002-09-11 Thread Patrice . Arnal

Hello

I have a little configuration problem with nessus-update-plugins:
I use a proxy server and the proxy-user has a space inside

I tried \ , ' , double quote to pass correctly this space from the 
~/.nessus-update-pluginsrc  but I did not succeed, 
the only fix I found was to get my own copy of nessus-update-plugins and 
hard code the line :

#$fetch_cmd $proxyopts http://www.nessus.org/nasl/all-1.2.tar.gz | $gzip 
-cd | tar  $tar - 
by
/usr/bin/wget -q -O - --proxy=on --proxy-user=FisrtName LastName 
--proxy-passwd=password http://www.nessus.org/nasl/all-1.2.tar.gz | $g


Patrice ARNAL
ALCANET France
Site d'ILLKIRCH
1 Route du Dr Albert SCHWEITZER
67408 ILLKIRCH CEDEX