Re: false positive?
On Feb 5, 2009, at 9:54 PM, Deepak J. Mathew wrote:

> Question.. Vulnerability Nessus ID 34820 shows that a server has the vulnerability: [...] But, this fix was to install the latest and greatest version of BES, which it already has the newest version/the fix for this vulnerability.

Which version did you install exactly?

___ Nessus mailing list Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus
Re: Should I use .nrs or .nessus ?
On Jan 28, 2009, at 10:48 PM, Lachance, François wrote:

> Interesting. Your answer makes me wonder what Tenable position is regarding .NBE output. Is it the same?

We do not _recommend_ using .nbe, because it gives you less context than the .nessus format, but at this time there is no plan to remove it.

-- Renaud
From mailing lists to web forums
Hello everyone,

For 10 years now, the Nessus user base has been supported with the use of mailing lists as a medium to communicate with the community. To date, they served their purpose but I've been looking for a more modern way for the community to communicate. So, we've decided to upgrade the mailing lists to a web-based forum, which is available at:

https://discussions.nessus.org/

The benefit of the interface we selected is that email aficionados can still configure it to get email notifications, but you can also use RSS to keep track of the new messages, and basically each user can configure it to its liking.

Note that we're doing a fresh start, so you will need to register on the portal to create yourself an account. Some forums can be browsed without having an account, but you need an account to post a message.

Here are the initial new forums we have created (we're always interested in feedback regarding other forums you think would be helpful):

- Nessus: Scanning Forum: this forum's topic covers everything from installing your scanner to getting it to perform a full scan
- Nessus: Reports Forum: this forum's topic covers the next steps after a scan: you'd go there to get information about the contents of a report (ie: how to resolve a given flaw or misconfiguration), how to handle large reports, etc...
- Nessus: Advanced Forum: this forum is about everything advanced regarding Nessus -- plugin writing, complex rules files, etc...

In addition to this, Tenable ProfessionalFeed and Enterprise product customers who create an account with the same email address as they use for the Customer Support portal will get automatic access to forums dedicated to what they purchased -- ProfessionalFeed, Security Center, our Log Correlation Engine, our Passive Vulnerability Scanner, etc...

While we'll keep the Nessus mailing lists archives online, we'll plan to phase out the mailing lists over time. On February 16th, we'll disable all the Nessus lists (except the low volume nessus-announce@).

Once again, the discussion portal is at: https://discussions.nessus.org/

Thanks and have a great week,

-- Renaud
Tenable / ImmunitySec / D2 partnership
Hi everyone,

As many pen-testers use Nessus in conjunction with other tools, I'd like to point out that Tenable today announced a partnership with Immunity, Inc. and DSquare Security, LLC. which allows new customers to procure the Nessus ProfessionalFeed, CANVAS penetration testing tool and cutting edge exploit content from Immunity and DSquare at a very competitive price point.

DSquare also released a tool which lets you use a .nessus report and convert it into a list of exploits you can use within CANVAS -- see the video at: http://www.d2sec.com/d2nessus.htm

Ron blogged about this partnership at: http://www.nessus.org/u?edb157f8

Finally, since this is my first post of 2009 on this list, I would like to wish a happy new year to everyone!

Take care,

-- Renaud
Re: Nessus 3.2.1 and FreeBSD 7.1
Hi Saad,

On Jan 7, 2009, at 3:52 PM, Saad Kadhi wrote:

> Hi there,
>
> FreeBSD 7.1 was released on Jan 5th and I would like to know if Nessus and particularly version 3.2.1 already supports this OS. If that's not the case, when will it be supported?

FreeBSD 7.0 and FreeBSD 7.1 are binary compatible, so the same Nessus 3.2.1 package works on both :)

-- Renaud
Re: nessusd -R every time?
Hi John,

On Dec 29, 2008, at 9:50 AM, Simon John wrote:

> Hi,
>
> I'm writing some NASL plugins at the moment and am getting fed up of going through the following procedure to make sure the new script is seen by NessusClient:
>
> 1. copy script from Git repository to the plugins directory
> 2. sign the script with nasl -S
> 3. nessusd -R
> 4. /etc/init.d/nessusd restart
> 5. reconnect client to server
>
> The worst part is nessusd -R which takes forever even on a 3.2GHz quad core! Isn't there a way this can be skipped or sped up as it's a bit of a pain, especially when you've forgotten a semi-colon somewhere in your script and you've got to go through it all again!
>
> I can only think of temporarily moving most of the plugins out of the way, just leaving enough to satisfy dependencies. Any other ideas?

nessusd -R purges the entire plugin database and re-processes every plugin. This should only be used when a DB is corrupt.

For your use case, you should use nessusd -t which performs a checksum on each plugin and only reprocesses those which changed. It's way faster and should remove the pain.

Also, prior to putting the script into the plugins/ directory, you should use nasl -L to make sure it parses properly.

-- Renaud
Re: nessusd -R every time?
On Dec 29, 2008, at 1:32 PM, Simon John wrote:

> Renaud Deraison wrote:
> [snip]
>> For your use case, you should use nessusd -t which performs a checksum on each plugin and only reprocesses those which changed. It's way faster and should remove the pain.
>
> That does seem to be a lot faster thanks, however it never returns control to the console, you need to Ctrl-C it.

That's because 'nessusd -t' is similar to 'nessusd' in the sense that it really starts the nessusd process and won't return. Use nessusd -t -D to make it run in the background.

> A quick strace nessusd -t reveals that it sits there trying to bind to ipv6 or something - which I have disabled on my Linux install (and have enable_listen_ipv6=no in nessusd.conf):
>
> open(/proc/net/if_inet6, O_RDONLY)= -1 ENOENT (No such file or directory)

Even though you disabled binding to ipv6, nessusd checks whether ipv6 is enabled -- you could have a nessusd daemon explicitly listening on IPv4 only, but still want it to scan IPv6 targets.

-- Renaud
Re: detect world writeable nfs shares on unix system services?
Hi Jeff,

On Dec 16, 2008, at 6:07 PM, Jeff Cranfill wrote:

> New user, running Nessus 3 on XP sp3.
>
> The following plugins work correctly for me when attempting to identify world writeable nfs shares in a small *nix environment: Mountable NFS Shares NFS export User Mountable NFS shares
>
> However, they do not seem to pick up on two MS servers running Unix System Services. Using 'showmount -e ussserver1or2' from the *nix boxes clearly shows exported directories (and one writeable to everyone) available.
>
> Is there another plugin available that would display these as the 'nfs export' plugin does? Or any suggestions on how to modify it so that it will include them?

First, could you make sure you're running the most up to date set of plugins? We fixed some issues in NFS a month or so ago, maybe that will solve your problem.

If not, could you send me (privately) a pcap of the traffic sent while you do a 'showmount -e ussserver1or2'?

Thanks,

-- Renaud
Re: Vulnerabilities in DNS Could Allow Spoofing (953230) possible false positive.
On Dec 10, 2008, at 9:38 PM, Richard Puerto wrote:

> Nessus 3 detecting Vulnerabilities in DNS Could Allow Spoofing (953230) on my Windows XP SP3 box. Microsoft says that this vulnerability does not apply to Windows XP SP3. Anyone encountering the same thing?

Windows XP SP3 is affected by this flaw. Here is the direct link to the patch:

http://www.microsoft.com/downloads/details.aspx?familyid=ed989a33-7a9e-4423-93a8-b38907467cdf&displaylang=en

-- Renaud
Re: Skype detection
Hello François,

On Nov 28, 2008, at 12:19 AM, Lachance, François wrote:

> I'm trying to use Nessus to detect machines that have Skype installed. If I select only the plugins that have the word Skype in the description, it doesn't find anything when I scan my test machine that has Skype loaded. If I use the Default scan policy, it does report correctly that Skype is on it. I'm pretty new to Nessus, so I'm sure I'm missing something simple. What are the things I should be watching for in order to get this to work?

Skype can run on any port. Therefore, no matter how minimal you want your scanning policy to be, you'll need to enable a port scanner on all 65k ports to then be able to detect it.

-- Renaud
Re: Local Security Checks for OSX 10.4 and 10.5 broken
Hi Ron,

We can not reproduce your problem here (tested against 10.5.5 with both password authentication and public key authentication). Are you doing a key authentication or a password-based one? If it's a public key authentication, I'd be interested in seeing the format of the public key you're using (you can send it to me privately).

Thanks,

-- Renaud

On Nov 6, 2008, at 12:07 AM, Ron wrote:

> I am supporting a sysadmin with 70 OSX workstations and servers. I have installed Nessus 3.2.1 client and server on the admin host. I can reliably perform a Local Security Check on some OSX boxes and not others. They are all either Tiger (10.4.11) or Leopard (10.5.5).
>
> I have tried both SSH username/passwords and public/private keys authentication with identical results. In addition, I can always connect with ssh directly with either username/password and Pub/private keys.
>
> Even though my ssh/sshd is current (OpenSSH 5.1), possibly Nessus itself is using its own ssh client internal to Nessus itself. Maybe there is a problem there.
>
> I think I have followed the Nessus Credential Checks for Unix and Windows exactly. But obviously something is wrong. I'm open to any ideas.
>
> Thanks
> Ron
> [EMAIL PROTECTED]
>
> -- Here's a dump of the failed login from /var/log/secure.log using PKI
>
> Nov 5 10:57:47 clusterg4-350-5 sshd[2952]: reverse mapping checking getaddrinfo for host.company.netl [172.17.119.27] failed - POSSIBLE BREAK-IN ATTEMPT!
> Nov 5 10:57:47 clusterg4-350-5 sshd[2952]: Accepted publickey for zeus from 172.17.119.27 port 61466 ssh2
> Nov 5 10:57:47 clusterg4-350-5 sshd[2952]: error: BSM audit: bsm_audit_session_setup: setaudit_addr failed: Function not implemented
> Nov 5 11:01:41 clusterg4-350-5 sshd[2958]: Did not receive identification string from 172.17.119.27
> Nov 5 11:01:41 clusterg4-350-5 sshd[2959]: Did not receive identification string from 172.17.119.27
> Nov 5 11:01:41 clusterg4-350-5 sshd[2960]: Did not receive identification string from 172.17.119.27
> Nov 5 11:01:42 clusterg4-350-5 sshd[2961]: Did not receive identification string from 172.17.119.27
> Nov 5 11:01:42 clusterg4-350-5 sshd[2962]: Did not receive identification string from 172.17.119.27
> Nov 5 11:01:43 clusterg4-350-5 sshd[2963]: Did not receive identification string from 172.17.119.27
> Nov 5 11:01:44 clusterg4-350-5 sshd[2964]: Did not receive identification string from 172.17.119.27
> Nov 5 11:01:44 clusterg4-350-5 sshd[2965]: Did not receive identification string from 172.17.119.27
> Nov 5 11:02:14 clusterg4-350-5 sshd[2969]: Did not receive identification string from 172.17.119.27
> Nov 5 11:02:34 clusterg4-350-5 sshd[2976]: Protocol major versions differ for 172.17.119.27: SSH-2.0-OpenSSH_5.1 vs. SSH-9.9-NessusSSH_1.0
> Nov 5 11:02:34 clusterg4-350-5 sshd[2978]: Protocol major versions differ for 172.17.119.27: SSH-2.0-OpenSSH_5.1 vs. SSH-1.33-NessusSSH_1.0
> Nov 5 11:02:34 clusterg4-350-5 sshd[2980]: Protocol major versions differ for 172.17.119.27: SSH-2.0-OpenSSH_5.1 vs. SSH-1.5-NessusSSH_1.0
> Nov 5 11:02:44 clusterg4-350-5 sshd[2975]: Did not receive identification string from 172.17.119.27
> Nov 5 11:02:45 clusterg4-350-5 sshd[2995]: Protocol major versions differ for 172.17.119.27: SSH-2.0-OpenSSH_5.1 vs. SSH-9.9-NessusSSH_1.0
> Nov 5 11:02:45 clusterg4-350-5 sshd[2996]: Protocol major versions differ for 172.17.119.27: SSH-2.0-OpenSSH_5.1 vs. SSH-1.33-NessusSSH_1.0
> Nov 5 11:02:45 clusterg4-350-5 sshd[2997]: Protocol major versions differ for 172.17.119.27: SSH-2.0-OpenSSH_5.1 vs. SSH-1.5-NessusSSH_1.0
> Nov 5 11:03:14 clusterg4-350-5 sshd[3001]: Did not receive identification string from 172.17.119.27
> Nov 5 11:03:14 clusterg4-350-5 sshd[3002]: Did not receive identification string from 172.17.119.27
>
> -- Here's a dump from a successful pki login
>
> Nov 5 10:57:30 Schillingmac sshd[7092]: Accepted publickey for scan from 172.17.119.27 port 61362 ssh2
> Nov 5 10:57:30 Schillingmac sshd[7092]: error: BSM audit: bsm_audit_session_setup: setaudit_addr failed: Function not implemented
> Nov 5 10:57:35 Schillingmac sshd[7096]: Protocol major versions differ for 172.17.119.27: SSH-2.0-OpenSSH_5.1 vs. SSH-9.9-NessusSSH_1.0
> Nov 5 10:57:35 Schillingmac sshd[7099]: Protocol major versions differ for 172.17.119.27: SSH-2.0-OpenSSH_5.1 vs. SSH-1.33-NessusSSH_1.0
> Nov 5 10:57:35 Schillingmac sshd[7100]: Protocol major versions differ for 172.17.119.27: SSH-2.0-OpenSSH_5.1 vs. SSH-1.5-NessusSSH_1.0
> Nov 5 10:57:36 Schillingmac sshd[7097]: reverse mapping checking getaddrinfo for
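
An added example (not part of the original thread, and not Nessus code): a small Python triage of sshd log lines in the format quoted in the message above, separating entries produced by an authorized scanner from the same probe-like messages arriving from any other source. The scanner address, host names and log lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Assumption: addresses of scanners authorized to probe these hosts (constructed value).
AUTHORIZED_SCANNERS = {"192.0.2.27"}

# Constructed sample lines, shaped like the secure.log excerpts quoted in the thread.
SAMPLE_LOG = """\
Nov  5 10:57:47 host-a sshd[2952]: reverse mapping checking getaddrinfo for scanner.example.net [192.0.2.27] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov  5 10:57:47 host-a sshd[2952]: Accepted publickey for scan from 192.0.2.27 port 61466 ssh2
Nov  5 11:01:41 host-a sshd[2958]: Did not receive identification string from 192.0.2.27
Nov  5 11:02:34 host-a sshd[2976]: Protocol major versions differ for 192.0.2.27: SSH-2.0-OpenSSH_5.1 vs. SSH-9.9-NessusSSH_1.0
Nov  5 11:02:34 host-a sshd[2978]: Protocol major versions differ for 192.0.2.27: SSH-2.0-OpenSSH_5.1 vs. SSH-1.5-NessusSSH_1.0
Nov  5 10:57:35 host-b sshd[7096]: Protocol major versions differ for 192.0.2.27: SSH-2.0-OpenSSH_5.1 vs. SSH-9.9-NessusSSH_1.0
Nov  5 11:05:10 host-a sshd[3010]: Did not receive identification string from 198.51.100.9
Nov  5 11:05:12 host-a sshd[3011]: Protocol major versions differ for 198.51.100.9: SSH-2.0-OpenSSH_5.1 vs. SSH-1.5-unknown
"""

# Syslog prefix: timestamp, logging host, sshd[pid], then the message.
PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$"
)

# One pattern per message type seen in the quoted logs; each captures the source address.
PATTERNS = [
    ("auth_ok", re.compile(
        r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+")),
    ("no_banner", re.compile(
        r"^Did not receive identification string from (?P<src>\S+)")),
    ("version_mismatch", re.compile(
        r"^Protocol major versions differ for (?P<src>\S+): \S+ vs\. (?P<banner>\S+)")),
    ("rdns_warning", re.compile(
        r"^reverse mapping checking getaddrinfo for \S+ \[(?P<src>[^\]]+)\] failed")),
]


def parse_line(line):
    """Return a dict describing one sshd log line, or None if it is not recognized."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    for event, pattern in PATTERNS:
        hit = pattern.match(m["msg"])
        if hit:
            return {"ts": m["ts"], "host": m["host"], "event": event,
                    **hit.groupdict()}
    return None


def triage(log_text, scanners=AUTHORIZED_SCANNERS):
    """Split recognized events into scanner activity and entries needing review.

    Returns (expected, review):
      expected: logging host -> Counter of event types from authorized scanners
      review:   records of probe-like events (everything except successful
                logins) from any source that is not an authorized scanner
    """
    expected = defaultdict(Counter)
    review = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["src"] in scanners:
            expected[rec["host"]][rec["event"]] += 1
        elif rec["event"] != "auth_ok":
            review.append(rec)
    return expected, review


def login_accepted(expected, host):
    """True if sshd on `host` logged an accepted login from an authorized scanner."""
    return expected.get(host, Counter())["auth_ok"] > 0


if __name__ == "__main__":
    expected, review = triage(SAMPLE_LOG)
    for host, counts in sorted(expected.items()):
        print(host, dict(counts), "login accepted:", login_accepted(expected, host))
    for rec in review:
        print("REVIEW", rec["ts"], rec["host"], rec["event"], rec["src"])
```
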
Re: plugin source
Hi Scott,

Due to recent abuses we had to take this down (the source code is still available in the plugin archive though). The system as one knew it is gone for good, but we might add it back in a form or another (probably with authentication). I can not promise you any ETA though.

-- Renaud

On Nov 4, 2008, at 6:00 PM, Scott Pate wrote:

> I have noticed recently that the link to view the plugin source code is no longer available from the nessus.org/plugins site. Is this going to return, or is it gone for good?
>
> thx
Re: Nessus Development Question
Hi James,

On Oct 30, 2008, at 4:43 PM, James Birk wrote:

> Are there any plans currently to carbonize Nessus under OS X to take advantage of the upcoming Grand Central/OpenCL in OS X 10.6? If not, is this something that's completely off the table, or something that would be considered?

As far as Grand Central goes, that technology is interesting for applications which have not been multi-threaded yet. While Nessus 3 is not multithreaded per se, it divides the work among multiple processes, which eventually leads to the same result.

As far as OpenCL goes, we've done little investigation, I doubt there are any major benefits using it in our case. OpenCL is useful for raw calculations, but what nessusd/NASL do are mostly system calls (send/recv). Maybe we could benefit by moving _some_ items to OpenCL (the regex, and the plugin compilation) but no clear test has been done yet.

-- Renaud
Re: MS08-067 Plugins Crashing SVCHOST.EXE
Sonny,

Sorry to hear about this. Older versions of this plugin (pre 1.11) are supposed to be safe but in some corner cases, as Omen Wild reported, it could take down svchost.exe.

We immediately worked with Omen about this and believe that version 1.11, which was pushed in the feed yesterday, fixes the problem for good (we're waiting for his latest tests though).

Could you make sure that you're running version 1.11 of the plugin? I'd advise you to go as far as doing a nessusd -R on your scanners to make sure that you're running the very latest version.

Thanks,

-- Renaud

On Oct 30, 2008, at 8:58 AM, Discini, Sonny wrote:

> I've heard that others have run into trouble with the MS08-067 plugins. Right now, we've taken down about 2,500 hosts in our environment with these plugins.
>
> ERROR FROM EVENT VIEWER:
>
> Event Type: Error
> Event Source: Application Error
> Event Category: (100)
> Event ID: 1000
> Date: 10/29/2008
> Time: 10:11:50 AM
> Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module netapi32.dll, version 5.1.2600.5512, fault address 0x00018ae1. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
>
> We have the latest Security Center with the latest build of Nessus on RHEL 5. Our plugins are updated each night. If anyone has a solution or an expected fix date, please let me know.
>
> Sonny
Re: UDP Port scanner plugin?
Hi Jeff,

You'd go to Downloads - Compliance and Audits Files - Download PCI Audit Policies and you'll get the UDP scanner.

However, note that this version of the scanner is extremely slow. Whenever possible, use the SSH/WMI netstat scanners instead by providing credentials.

-- Renaud

On Oct 30, 2008, at 2:05 PM, Mercer, Jeff C - Raleigh, NC wrote:

> The PCI-DSS plugin article on Tenable's blog says there's a UDP Port Scanner plugin for download from the Nessus plugin website. But I can't find it anywhere in the download section or anywhere else. Has this really been released?
>
> ~ Jeff Mercer - USPS CISO - SVA Team
> E-mail: [EMAIL PROTECTED]
> Phone : 919-501-9448
Re: UDP Port scanner plugin?
Ulises,

This is on the customer support portal -- http://plugins-customers.nessus.org . You need to log in with your customer credentials to get in there.

Thanks,

-- Renaud

On Oct 30, 2008, at 4:01 PM, Ulises2k wrote:

> I can't find UDP Port Scanner plugin following this way Downloads - Compliance and Audits Files - Download PCI Audit Policies. Can you give me more detailed information?
>
> Thanks in advance
>
> -- Ulises U. Cuñé
> Web: http://www.ulises2k.com.ar
>
> On Thu, Oct 30, 2008 at 16:22, Renaud Deraison [EMAIL PROTECTED] wrote:
>
>> Hi Jeff,
>>
>> You'd go to Downloads - Compliance and Audits Files - Download PCI Audit Policies and you'll get the UDP scanner.
>>
>> However, note that this version of the scanner is extremely slow. Whenever possible, use the SSH/WMI netstat scanners instead by providing credentials.
>>
>> -- Renaud
>>
>> On Oct 30, 2008, at 2:05 PM, Mercer, Jeff C - Raleigh, NC wrote:
>>
>>> The PCI-DSS plugin article on Tenable's blog says there's a UDP Port Scanner plugin for download from the Nessus plugin website. But I can't find it anywhere in the download section or anywhere else. Has this really been released?
>>>
>>> ~ Jeff Mercer - USPS CISO - SVA Team
>>> E-mail: [EMAIL PROTECTED]
>>> Phone : 919-501-9448
Re: Plugins.xml
Hi Larry,

You can not create this file on Linux and should not rely on it for Windows as it is likely to go away in the future.

Use 'nessus -qSp localhost 1241 login password' if you want parsed plugins (remove the 'S' to get some csv-ish output). Alternatively, you can run nasl -VV on each plugin and parse the output that way.

-- Renaud

On Oct 29, 2008, at 12:30 PM, Larry Petty wrote:

> I've asked this in the past, but still have not found an answer. Can someone from the Nessus team please respond?
>
> I know the Windows version of Nessus has a plugins.xml file. Is there a way to create this file on the Linux versions? I need this file to update our in house reporting tool.
>
> In the past I could just use a windows install to get the file, but with the recent licensing changes I can no longer do this without rolling my license each time I do an update.
>
> Another option was using the older Nessus client to generate a .xml report. This report contained all the plugins. However, the new .nessus format does not.
>
> So how can I generate a plugins.xml on my linux install of Nessus?
Re: MS08-067?
On Oct 23, 2008, at 11:07 PM, Omen Wild wrote:

> Anyone have a plugin for MS08-067 http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx, CVE-2008-4250?
>
> Sure would be nice to beat the hackers to the punch on this one.

We have two plugins (one with credentials, one without). Both are in final stage of QA and should be in the feed within an hour or less.
Re: MS08-067?
Seems like I was a bit optimistic with regards to QA :)

The plugin with credential will be in the feed within an hour or so, and we're investigating the credential-less plugin which will take slightly more time.

On Oct 23, 2008, at 11:13 PM, Renaud Deraison wrote:

> On Oct 23, 2008, at 11:07 PM, Omen Wild wrote:
>
>> Anyone have a plugin for MS08-067 http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx, CVE-2008-4250?
>>
>> Sure would be nice to beat the hackers to the punch on this one.
>
> We have two plugins (one with credentials, one without). Both are in final stage of QA and should be in the feed within an hour or less.
Re: Segmentation Faults
Hi Chris,

Try to install the bitstream-vera-fonts or the bitmap-fonts packages and try again.

On Oct 15, 2008, at 8:34 PM, christopher ashby wrote:

> I was just wondering if anyone else has encountered this error when attempting to redirect the nessus client from a redhat ES4 server to a windows host.
>
> With Nessus 3.2.1 installed and properly running on a RedHat ES4 server, after issuing the display command, and then executing the NessusClient i receive this error:
>
> [1]+ Segmentation fault /opt/nessus/bin/NessusClient
>
> any ideas? I have tried restarting the nessusd server, and my X client app on XP. I have other application that utilize x windows and they don't have any issues.
>
> thanks
> -- ashby
Re: Segmentation Faults
On Oct 15, 2008, at 9:10 PM, Christopher Ashby wrote:

> They are already installed:
>
> Package bitmap-fonts - 0.3-5.1.1.noarch is already installed.
> Package bitstream-vera-fonts - 1.10-7.noarch is already installed.
>
> Do you have any other suggestions?

I'd need the output of 'strace' then.

Thanks,

-- Renaud
Re: existing zlib library not detected
Hi Greg,

You probably did not download the Fedora 9 package, but a RPM for another version of Fedora (or another Linux distribution altogether). You need to install the official Fedora 9 package for a seamless installation.

Thanks,

-- Renaud

On Oct 10, 2008, at 5:09 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> Hello Nessus users,
>
> I am trying to run nessus on a fedora 9 system. I have the latest versions of zlib and libcrypto installed, yet when I try to install with RPM it says it can’t find libcrypto.so.7, libssl.so.7, and libz.so.1, all of which exist, can be found by ld, and are being used by other software. I forced the install with --nodeps, however when I run nessusd it fails on libz.so.1. I’ve added sym links, I’ve added an LD_LIBRARY_PATH, I’ve tried compiling zlib from source but nothing works.
>
> Where does nessusd look for its libraries, and any ideas on a fix?
>
> Regards,
> Greg
Re: Filter report for hosts with no open ports
Hi Chris,

On Oct 1, 2008, at 11:54 AM, Chris Clements wrote:

> Sorry if this has been asked before, but is there a way in the 3.2 client that I can filter my reports to exclude hosts with no open ports?

If you use Nessus 3.2.1 and use the new filtering features (as described on http://blog.tenablesecurity.com/2008/05/nessus-321-rele.html), then you can add the following filter:

Only show vulnerabilities that will match any of the following criteria:

- Port name contains /tcp)
- Port name contains /udp)

The closing parenthesis will hide 'general/tcp'.

-- Renaud
Re: Activating Nessus VM Appliance
Hello Amit,

On Sep 25, 2008, at 9:57 PM, Lad, Amit wrote:

> I am trying to activate the Nessus VM Appliance using a professional feed code. I am receiving this error.
>
> Activating Nessus plugin feed failed: Registration of Nessus plugin feed failed: nessus-fetch returned: 256
>
> Any ideas what the problem could be?

You probably mistyped your activation code and it was refused by the server. Note that the activation code is case sensitive.

-- Renaud
Nessus Virtual Appliance
Hi,

Tenable Network Security has released a virtual appliance for the Nessus 3 vulnerability scanner. The VMware appliance is available to ProfessionalFeed and Security Center customers.

The appliance image allows for rapid deployments and effortless management of Nessus 3 scanners in virtual environments. Users do not need to concern themselves with managing an operating system and can focus on managing their scanner configurations, operation and performance.

More information can be obtained at http://blog.tenablesecurity.com/2008/09/nessus-virtual.html

ProfessionalFeed and Security Center customers can download the appliance on the customer support portal, at: http://plugins-customers.nessus.org/ in Downloads - Download Tenable Products - Nessus Vulnerability Scanner

All feedback is welcome, either through the support portal or to me directly.

Thanks,

-- Renaud
Re: Nessus Virtual Appliance
Hi James,

On Sep 25, 2008, at 7:07 PM, James Birk wrote:

> Darnit, didn't you guys say just a couple of years ago that Nessus was NEVER to be run on VMware virtual machines, because it's so horribly slow when you do that? What changed?

Nessus 3.2 has been optimized to reduce several operations which were slow on VMware. System calls and memory copies have been greatly reduced, and therefore it performs much better than Nessus 3.0 did (and obviously 2.x). This is why you do not get the VMware warning any more when you start Nessus 3.2 in a virtualized environment.

Also, VMware deployments are much more mature now than what they used to be several years ago, and are generally done on much beefier hardware. A lot of production services are running on top of ESX today, and we believe that Nessus can safely be added there.

Of course, if you have the choice between running Nessus natively on beefy hardware, or virtualized on top of this same hardware, you will get better performance natively. However, the difference between native and virtualized won't be as glaring with 3.2 as what it used to be.

-- Renaud
Re: unscanned ports closed now appears to be broken?
Hi Jason,

On Sep 24, 2008, at 3:05 AM, Jason Haar wrote:

> Hi there
>
> I've just noticed our scheduled nessus scans aren't getting the Windows results they normally return anymore.

You probably enabled the portscanner plugin#34220 which causes some re-ordering and causes this bug. In the short term, you should disable it if you want 'unscanned ports as closed to work'.

Another option would be to keep it enabled, to disable the option consider unscanned ports as closed and edit nessusd.rules to prevent connecting to the ports you do not want to connect to. ie:

reject 0.0.0.0/0:1024-65535

would forbid nessusd from connecting to these ports.

We'll fix that problem in 3.2.2.

Thanks,

-- Renaud
Re: unscanned ports closed now appears to be broken?
On Sep 24, 2008, at 12:02 PM, Jason Haar wrote:

> Renaud Deraison wrote:
>
>> You probably enabled the portscanner plugin#34220 which causes some re-ordering and causes this bug.
>
> Hmm
>
> # grep 34220 .nessusrc
> 34220 = no
>
> I don't think that's it?

Mhhh, could you send me your full .nessusrc in private please?

Anyhow, we could work around that problem by modifying a couple of plugins, so your next plugin update (in a couple of hours) will solve that issue.

Sorry for the inconvenience,

-- Renaud
Re: Nessus Accuracy: 3 against 1?
Hello Amit,

On Aug 27, 2008, at 12:09 PM, Lad, Amit wrote:

> At this point I was totally confused, because it looks like Nessus technically is correct. So then I run 2 other tools (GFI Languard and Shavlik NetChk) against the same server and they both tell me the server does not require that patch. So now I have a 3 against 1 situations, but in all aspects looking at just the file version, which shows the updated version should tell me the real truth.

I believe that the tools you use all use the same backend for patch management (a Microsoft-provided XML file), meaning that they will all be right at the same time, or wrong at the same time.

If the DLL installed on the remote hosts has the old version set, then it means the patch has not been fully installed. Try to manually (re)install it on one of the systems and see if that solves the problem.

Thanks,

-- Renaud
Re: NessusClient segfault
Hi Sean,

This looks like a conflict between your version of libfontconfig and Qt. Could you verify that the library you're using indeed is the one provided by Red Hat? What does rpm -qf /usr/lib/libfontconfig.so.1 tell you?

Thanks,

-- Renaud

On Aug 27, 2008, at 12:05 PM, Sean Hanson wrote:

> Anyone?
>
> -- Forwarded message --
> Date: Fri, 22 Aug 2008 11:44:48 -0700
> From: Sean Hanson [EMAIL PROTECTED]
> To: nessus@list.nessus.org
> Subject: NessusClient segfault
>
> I just installed nessus 3.2.1 and the linux nessusclient on a rhel5 box, and when running nessusclient, it returns Segmentation Fault. Here's a backtrace if that helps.
>
> #0 0x00293fe0 in FcNameParse () from /usr/lib/libfontconfig.so.1
> #1 0x00294051 in FcNameParse () from /usr/lib/libfontconfig.so.1
> #2 0x00294090 in FcNameParse () from /usr/lib/libfontconfig.so.1
> #3 0x00294226 in FcNameParse () from /usr/lib/libfontconfig.so.1
> #4 0x002948fe in FcPatternGetString () from /usr/lib/libfontconfig.so.1
> #5 0x00e75fe5 in QFontDatabase::writingSystemSample () from /opt/nessus/lib/libQtGui.so.4
> #6 0x00e76596 in QFontDatabase::writingSystemSample () from /opt/nessus/lib/libQtGui.so.4
> #7 0x00e7aae7 in QFontDatabase::loadXlfd () from /opt/nessus/lib/libQtGui.so.4
> #8 0x00e7b2b1 in QFontDatabase::load () from /opt/nessus/lib/libQtGui.so.4
> #9 0x00e6e580 in QFontMetrics::lineSpacing () from /opt/nessus/lib/libQtGui.so.4
> #10 0x010263c7 in QLabel::setTextInteractionFlags () from /opt/nessus/lib/libQtGui.so.4
> #11 0x01026946 in QLabel::minimumSizeHint () from /opt/nessus/lib/libQtGui.so.4
> #12 0x00d0873f in qSmartMaxSize () from /opt/nessus/lib/libQtGui.so.4
> #13 0x00d0a0ff in QWidgetItem::maximumSize () from /opt/nessus/lib/libQtGui.so.4
> #14 0x00cec05c in QBoxLayout::invalidate () from /opt/nessus/lib/libQtGui.so.4
> #15 0x00ced100 in QBoxLayout::maximumSize () from /opt/nessus/lib/libQtGui.so.4
> #16 0x00cec05c in QBoxLayout::invalidate () from /opt/nessus/lib/libQtGui.so.4
> #17 0x00ced100 in QBoxLayout::maximumSize () from /opt/nessus/lib/libQtGui.so.4
> #18 0x00cec05c in QBoxLayout::invalidate () from /opt/nessus/lib/libQtGui.so.4
> #19 0x00cecf32 in QBoxLayout::setGeometry () from /opt/nessus/lib/libQtGui.so.4
> #20 0x00d06090 in QLayoutPrivate::doResize () from /opt/nessus/lib/libQtGui.so.4
> #21 0x00d07229 in QLayout::activate () from /opt/nessus/lib/libQtGui.so.4
> #22 0x00d2b20d in QWidget::setVisible () from /opt/nessus/lib/libQtGui.so.4
> #23 0x00d13d6d in QStackedLayout::setCurrentIndex () from /opt/nessus/lib/libQtGui.so.4
> #24 0x00d14172 in QStackedLayout::insertWidget () from /opt/nessus/lib/libQtGui.so.4
> #25 0x01088654 in QStackedWidget::insertWidget () from /opt/nessus/lib/libQtGui.so.4
> #26 0x010929aa in QTabWidget::insertTab () from /opt/nessus/lib/libQtGui.so.4
> #27 0x01092a29 in QTabWidget::insertTab () from /opt/nessus/lib/libQtGui.so.4
> #28 0x01092a93 in QTabWidget::addTab () from /opt/nessus/lib/libQtGui.so.4
> #29 0x08076839 in QWidget::inputMethodEvent ()
> #30 0x08070c80 in QWidget::inputMethodEvent ()
> #31 0x080541b9 in QWidget::inputMethodEvent ()
> #32 0x02a5edec in __libc_start_main () from /lib/libc.so.6
> #33 0x08052bc1 in QWidget::inputMethodEvent ()
Re: Question about manually running the plugin update
On Aug 26, 2008, at 10:27 AM, fisherman wrote:

> yes, my nessus's version is 2.2.11, nessus.org now NOT support this version's update?

Nessus 2.2.11 is current and the plugins work with it, but by default it should not try to fetch files from www.nessus.org/nasl/, which makes me wonder if you have a copy installed under /usr/local/ and another one (coming from a port?) coming from somewhere else. Or maybe you installed 2.2.11 through a port which modified the base installation, as many ports unfortunately do.

-- Renaud
Re: NASL binary storage: dbopen : No such file or directory
On Aug 26, 2008, at 4:54 PM, Soluk, Kirk wrote:

> Hi,
>
> I'm scanning a /17 with nessusd 3.2.0 (build A890) running on a Linux box. The nessusd.dump file contains a significant amount of the following entries:
>
> dbopen(/opt/nessus//var/nessus/plugins-desc.db) : No such file or directory
> NASL binary storage: dbopen : No such file or directory
>
> I suppose the double slash between 'nessus' and 'var' (i.e. nessus//var) is the problem? The scan progresses and completes but is wayyy to slooww
>
> Assuming this error may be affecting the performance of the scan, any suggestions as to what is causing it or how to fix it?

The double slash is not a problem. However, it seems that for some reason, your db file disappeared. Try to run 'nessusd -R' (even while the scan is on-going), that might solve the problem.

-- Renaud
Re: Question about manually running the plugin update
On Aug 25, 2008, at 11:57 PM, fisherman wrote:

> I Get another Error:
>
> [EMAIL PROTECTED]:/var/lib/nessus# nessus-update-plugins
> An unknown HTTP error occured (http error code: 404)
> E: Could not retrieve the plugins MD5
> Aborting

Your scanner is not registered. You need to register by doing :

/opt/nessus/bin/nessus-fetch --register activation code

Also, make sure that you do not have an older version of Nessus lying around. By looking at your error messages and the PATHs, you seem to have an older version of Nessus 2.x installed (older than the current 2.2.11).

-- Renaud
Re: better timeout values for WAN-based scans?
On Aug 21, 2008, at 1:32 PM, Michel Arboi wrote:

> You can also play with the hidden option nessus_tcp_scanner.micro_timeout; try setting it to 300 µs (in nessusd.conf or .nessusrc...)
>
> nessus_tcp_scanner.micro_timeout=300

Two other options to set in your nessusrc file (or nessusd.conf) :

use_kernel_congestion_detection = yes
reduce_connections_on_congestion = yes

-- Renaud
Re: Nessus and Skype on Linux platforms
Hello Patrice,

On Aug 13, 2008, at 5:29 PM, Patrice ARNAL wrote:

> Hello,
>
> According to my own experience and to https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/115970
>
> This has been confirmed with one reporter to be caused by nessus which installs its own copy of Qt4.
>
> The nessus installation on Ubuntu breaks the QT4 library and prevents skype from running...

We've just released a new NessusClient 3.2.1.1 for Ubuntu (and Fedora 9) which corrects this particular issue.

Thanks,

-- Renaud
Re: Nessus and Skype on Linux platforms
Patrice,

On Aug 13, 2008, at 5:29 PM, Patrice ARNAL wrote:

> Hello,
>
> According to my own experience and to https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/115970
>
> This has been confirmed with one reporter to be caused by nessus which installs its own copy of Qt4.
>
> The nessus installation on Ubuntu breaks the QT4 library and prevents skype from running... Is there a reason to package QT4 with Nessus?

We're looking into this bug. There are many different versions of QT, so providing our own version makes things easier. We'll try to resolve that problem quickly,

-- Renaud
Re: bug in 24270
On Aug 6, 2008, at 6:32 AM, Jason Haar wrote:

> Hi there
>
> The amount of RAM installed on a Windows host returned by 24270 is incorrect - at least in some cases. I am seeing negative numbers coming through.
>
> e.g. a WinXP-SP2 host with 3668012 KBytes of RAM (as returned by my own WMI check) is reported as -513 MB by 24270.

We fixed this and the update will soon be pushed into the feed.

Thanks and sorry for the problem,

-- Renaud
Nessus 3.2.1.1 (Windows) released
Hi,

Nessus 3.2.1.1, an errata release for Windows, is now available. This version fixes the following Windows-specific bugs:

- With some configurations, Nessus would fail to determine that remote hosts are up ;
- When the same service runs on different ports, not every instance would be scanned ;
- Nessus 3.2.1 would not be able to import Nessus 3.0.x reports ;

Nessus 3.2.1.1 can be downloaded from http://www.nessus.org/download/

Thanks,

-- Renaud
Re: antivirus_installed.nasl
Hi John,

On Jul 17, 2008, at 6:22 PM, John Scherff wrote:

> Ron,
>
> These are extra (custom) plugins, not modifications to existing ones. However, I agree with your point; nasl scripting isn't for the faint-of-heart (the language is ridiculously easy, but it requires a lot of knowledge about how nessus works under-the-hood). My recommendation for anyone wanting to go down that road is to spend a LOT of time looking through KB files to see how nessus keeps track of things as it scans a host.

Also please note that using our .inc files is not something which can be done without our authorization (ie: http://mail.nessus.org/pipermail/nessus/2008-May/018780.html).

> Have you guys made the nasl3 programming guide/API publicly available?

Not yet, this is in progress.

-- Renaud
Re: Old HTML Format Sorting?
On Jul 11, 2008, at 12:15 AM, Boom Switch wrote:

> On Tue, Jul 8, 2008 at 1:03 AM, Renaud Deraison (lists) [EMAIL PROTECTED] wrote:
>
>>> Any chance the filtering features in Nessus 3.2.1 will let me get around this?
>>
>> Depending on what you intend to achieve, you can indeed use the filtering features in the GUI -- once a filter is applied, if you export the report to .NBE then only what matches the filter will be exported.
>
> Okay, thanks. Quick question... are Nessus 3.2.0 reports (.nessus files) compatible with the filtering features in 3.2.1? In other words, can I upgrade to 3.2.1 and load my 3.2.0 .nessus files and use the filtering on them?

Yes you can.

Have a good week-end,

-- Renaud
Re: Old HTML Format Sorting?
Hi,

On Jul 7, 2008, at 10:42 PM, Boom Switch wrote:

> When I convert a report like that from NBE to the old HTML format, I get a random order like:
>
> 192.168.2.1
> 192.168.1.101
> 192.168.3.8
> 192.168.1.100
>
> This gives me trouble with larger scans, as many hosts are grouped logically by OS or application, and it becomes cumbersome to view and test the results when all the hosts are out of order.

This is a bug, we'll get that fixed in a future release.

> Is there any way to work around this so I can 1) still export to the old HTML format that has hyperlinks and 2) retains the order in the original NessusClient report (the one you see when you load a saved .nessus file) ?

Try to sort the .nbe file based on the host IPs first, and then pass it to the command line client, it might solve your problem.

> Any chance the filtering features in Nessus 3.2.1 will let me get around this?

Depending on what you intend to achieve, you can indeed use the filtering features in the GUI -- once a filter is applied, if you export the report to .NBE then only what matches the filter will be exported.

-- Renaud
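The workaround suggested in this message (sort the .nbe file by host IP before converting it), as an added example that is not part of the original thread and not Tenable code. It assumes the pipe-delimited .nbe layout shown in the comment, with the host in the third field; the sample report, including the host 192.168.1.9, is constructed. A plain text sort would place 192.168.1.100 before 192.168.1.9, so the addresses are compared numerically.

```python
"""Sort a Nessus .nbe report by host IP (added example)."""
import ipaddress
import sys

# Constructed sample. Layout assumed here:
#   timestamps|<unused>|<host>|<event>|<date>|
#   results|<subnet>|<host>|<port>[|<plugin id>|<type>|<description>]
SAMPLE_NBE = """\
timestamps|||scan_start|Mon Jul  7 22:00:00 2008|
timestamps||192.168.2.1|host_start|Mon Jul  7 22:00:01 2008|
results|192.168.2|192.168.2.1|http (80/tcp)
results|192.168.2|192.168.2.1|http (80/tcp)|10107|Security Note|A web server is running
timestamps||192.168.1.101|host_start|Mon Jul  7 22:00:02 2008|
results|192.168.1|192.168.1.101|ssh (22/tcp)
timestamps||192.168.3.8|host_start|Mon Jul  7 22:00:03 2008|
results|192.168.3|192.168.3.8|smtp (25/tcp)
timestamps||192.168.1.100|host_start|Mon Jul  7 22:00:04 2008|
results|192.168.1|192.168.1.100|general/tcp|19506|Security Note|Scan information
timestamps||192.168.1.9|host_start|Mon Jul  7 22:00:05 2008|
results|192.168.1|192.168.1.9|general/tcp
timestamps|||scan_end|Mon Jul  7 22:10:00 2008|
"""


def sort_key(line):
    """Order: scan-level lines, then hosts by numeric IP, then scan_end."""
    fields = line.split("|")
    host = fields[2] if len(fields) > 2 else ""
    if not host:
        # Scan-level record (no host): keep scan_end at the very bottom.
        event = fields[3] if len(fields) > 3 else ""
        is_end = fields[0] == "timestamps" and event == "scan_end"
        return (2 if is_end else 0, 0, 0, "")
    try:
        # Numeric comparison, so .9 sorts before .100.
        return (1, 0, int(ipaddress.ip_address(host)), "")
    except ValueError:
        # Targets recorded by name sort after the IPs, alphabetically.
        return (1, 1, 0, host.lower())


def sort_nbe(text):
    """Return the report with hosts in IP order.

    sorted() is stable, so the lines of one host keep their original
    relative order (host_start, open ports, findings, host_end).
    """
    lines = [line for line in text.splitlines() if line.strip()]
    return "\n".join(sorted(lines, key=sort_key)) + "\n"


def hosts_in_order(text):
    """List each host once, in the order it first appears."""
    seen = []
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) > 2 and fields[2] and fields[2] not in seen:
            seen.append(fields[2])
    return seen


if __name__ == "__main__":
    # Usage: script.py report.nbe > sorted.nbe  (no argument: sample data)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            sys.stdout.write(sort_nbe(fh.read()))
    else:
        sys.stdout.write(sort_nbe(SAMPLE_NBE))
```
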
Re: Remote host dead?
What kind of network interface are you scanning thru ? (ethernet, wireless, etc...)

Thanks,

-- Renaud

On Jun 26, 2008, at 6:51 AM, Sergio Castro wrote:

> I can confirm I got very similar results
>
> - Sergio
>
> -- Original message --
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On behalf of Roman Medina-Heigl Hernandez
> Sent: Wednesday, June 25, 2008 03:21 p.m.
> To: nessus@list.nessus.org
> Subject: Re: Remote host dead?
>
> Hello,
>
> I can confirm 3.2.1 for Windows is buggy. What I did (using my laptop with 3.2.1 version):
> - scan a host (my website) - Failed (Remote host dead)
> - reinstall Nessus 3.2.1 and repeat the test - Failed again
> - uninstall 3.2.1 and install 3.2.0. Repeat the scan - Succeeded!
> - upgraded plug-ins (keeping 3.2.0) and repeat the scan - Succeeded!
>
> So it seems not a problem in plug-ins but in Nessus 3.2.1 (Windows). At the moment, my advice for windows users would be downgrading to 3.2.0.
>
> During the tests, I monitorized traffic with Wireshark:
> - remote host dead - Nessus sent two SNMP probes ; and received two icmp responses, because snmp target port is closed. Nothing more.
> - alive - Like the former one but then Nessus continued sending tcp packets! :-)
>
> Since Sergio had the same problem, I'm wondering if the problem is known and whether it is being reviewed.
>
> Regards,
> -Roman
>
> Roman Medina-Heigl Hernandez wrote:
>
> Sergio, which Nessus version are you using? I have 3.2.0 (windows) on my desktop and in my case could solve the problem by activating icmp ping (as suggested by George). This was possible because the scanned host is responding to icmp echo (although it's got closed all the ports used by tcp ping).
>
> I've got 3.2.1 (windows) on my laptop and it's not working at all against the very same host. I thought it's a problem in my laptop, not Nessus'. But if you confirm 3.2.0 worked for you but not 3.2.1... Please, could you elaborate on that?
>
> Anyway, don't panic, I still think it could be some kind of problem in my laptop (perhaps some antivirus module, etc although I disabled Windows firewall and some antivirus services, and the problem remains...).
>
> Cheers,
> -Roman
>
> Sergio Castro wrote:
>
> I reported this exact same problem a few weeks ago. I was running the previous version of Nessus with no problems whatsoever. Then I updated to the latest version for Windows, and had this remote host is dead problem too. Nothing changed in my system, and I tried to scan the exact same hosts I was successfully scanning with the older version of Nessus.
>
> With the help of Ron Gula, I went through the same troubleshooting you are going through, with no results. I still can't scan hosts on the Internet, only LAN.
>
> Regards,
> Sergio
>
> -- Original message --
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Roman Medina-Heigl Hernandez
> Sent: Monday, June 23, 2008 02:21 p.m.
> To: nessus@list.nessus.org
> Subject: Remote host dead?
>
> Hello,
>
> I'm trying to scan a host with the default policy. The host is alive and responding to pings. I got no results when scanning with Nessus 3.2.0 (Windows). Looking at scan.log (in the logs dir), I can see a remote host is dead. But my question is why? If I run nmap against the host, I can see unprivileged ports open (1024) and of course it's responding to ping. I also entered 1-65535 in port scanner range. No luck at all. Am I missing something? Perhaps a bug in Nessus?
>
> Another question, how could I debug this? If I enable the option to save a packet capture of the scan, I couldn't find any new log on logs dir (where should it be placed?)
>
> Log attached (IP stripped; I could provide it in private for testing/debugging purposes):
>
> [Mon Jun 23 20:56:43 2008][540] Use default port range
> [Mon Jun 23 20:56:48 2008][540] user localuser : testing X.X.X.X (X.X.X.X) [540]
> [Mon Jun 23 20:56:48 2008][540] Scan X.X.X.X using 21942 plugins
> [Mon Jun 23 20:56:48 2008][540] user localuser : launching clrtxt_proto_settings.nasl against X.X.X.X [1]
> [Mon Jun 23 20:56:48 2008][540] user localuser : launching dont_scan_settings.nasl against X.X.X.X [2]
> [Mon Jun 23 20:56:48 2008][540] user localuser : launching ssh_settings.nasl against X.X.X.X [3]
> [Mon Jun 23 20:56:48 2008][540] clrtxt_proto_settings.nasl (process 1) finished its job against X.X.X.X in 0.000 seconds
> [Mon Jun 23 20:56:48 2008][540] dont_scan_settings.nasl (process 2) finished its job against X.X.X.X in 0.000 seconds
> [Mon Jun 23 20:56:48 2008][540] ssh_settings.nasl (process 3) finished its job against X.X.X.X in 0.000 seconds
> [Mon Jun 23 20:56:48 2008][540] user localuser : launching snmp_settings.nasl against X.X.X.X [4]
> [Mon Jun 23 20:56:52 2008][540] snmp_settings.nasl (process 4) finished its job against X.X.X.X in 3.578 seconds
> [Mon Jun 23 20:56:52 2008][540] user localuser : launching ping_host.nasl against X.X.X.X [5]
> [Mon Jun
Re: RELOADING NESSUS
On Jun 26, 2008, at 5:52 PM, John Scherff wrote:

> We have several custom plugins. We've been reloading nessus with nessusd -R whenever there are changes to these plugins or when we add new ones. Will nessusd -t accomplish the same thing -- load new and changed plugins -- without the overhead of reloading unchanged plugins? Or will it just check timestamps of previously-existing (not new) plugins?

Hi John,

nessusd -t will check the checksum (in 3.2) or the timestamp (in 3.0) of every plugin in the plugins directory, so it will accomplish what you need.

Take care,

-- Renaud
Re: recommended operating system for Nessus
Hi Micha,

I would recommend using the 32bits Red Hat Enterprise Linux 5 (or its free equivalent, CentOS 5).

Take care,

-- Renaud

On Jun 25, 2008, at 12:16 PM, Micha Borrmann wrote:

> Hello,
>
> Several operating systems are supported, but my question is, what is the main os or what is the operating system for the development. E.g. the client on OS X can authenticate with a SSL certificate only since version 3.2.1, but on Linux it is available for a long time.
>
> I would like to use the same os than Tenable because it will reduce trouble (I hope so). If it is Linux (I guess it is), it would be nice to know the used distribution, because NessusClient isn't available for the amd64 distributions.
>
> Thanks in advance for helpful hints
>
> Micha Borrmann
Re: NessusClient 3.2
Hi Scott,

On Jun 18, 2008, at 5:07 PM, Scott Pate wrote:

> Thanks Renaud,
>
> I understand documentation is difficult, but I have to say it's frustrating when certain features are added or removed with little or no documentation. For instance, the KB. It has been my practice to use the KB and its functionality when re-running a scan, such as don't scan hosts already scanned, or don't re-run port scanners... I also know that when you use the nasl command to run individual plugins, some of them depend on information from the KB and they will not run if you have not saved the KB. So when these options no longer exist in the new client, it leaves me to wonder how this change affects the functionality of the scanner, and how that will impact my scans.

KB saving is still there and exposed (and can be re-used in command-line nasl with the -k switch). Once again, we try to document everything, but in this particular case what you really want is not so much documentation vs. documenting what's different in the new re-written client compared to the older one, which is a much more difficult exercise.

> Also, with regard to optimize tests, when this functionality is removed, how does that affect the scan as well? Do I know that the functionality of un-checking this box still exists? Where is this documented?

optimize tests is still there on the server side, but not exposed in the client. You can still control this by editing nessusd.conf or your .nessus files directly.

Why did we remove it ? Because it does not do what most people think it does. This option was added in 2001 (I believe) and should never have been exposed, as it has more to do with the inner workings of nessusd (likewise, you do not have a checkbox telling nessusd not to re-order plugins based on their dependencies - it's just there).

> I also noticed the addition of the Probe services on every port option which to me sounds familiar to what optimize tests used to do.

Optimize the test has never been similar to this option. What optimize the tests does is that plugins have an API where they expose their run requirements to nessusd -- ie: they want port 80 OR Services/www to be open (or to be in an unknown state). Or they want registry access, etc... If you disable this option, you get to force plugins to run in spite of missing requirements, and you basically obtain the same result (the plugin exits quickly) although you spent a lot of CPU cycles and network traffic for nothing.

> The description for this option is that nessus will attempt to match each open port with the service that is running on that port. So does this mean every port that was scanned, or every port that is open? and If I don't have this checked, does this mean nessus will not try to identify services on all ports? What services will it try to identify? What exactly does All ports mean? All 65535 ports or just ports that are specified in the port scanner, or just ports that are open?

This option means that we're going to identify the list of services running on every port we found to be open. If the list of open ports was obtained via a TCP scanner, then that list of ports will (obviously) be in the port range specified. If it was possible to log into the remote host via SSH and obtain the list of ports via netstat, or to get it via SNMP, then that means all open ports.

> I have learned through experience that documentation on nessus, while helpful, does not address all, nor some of the more advanced features of nessus. There are obviously many many options that can be set, and I have taught myself through many hours of trial and error what exactly each option does and how it affects the scan. Particularly when you are dealing with multiple options that seem related. For instance, I learned (at least with the older nessus client) that if you disable ping host in the general tab, but still leave tcp ping enabled in global options, that nessus will still try to ping the host.

The problem is that we're trying to make Nessus evolve quickly, even between two releases (due to updates in the plugins which can add/remove options). We try to document that but sometimes there's a crack in the process. Fortunately, we're staffing up our research team so in the future you should see better and more up-to-date documentation. There are also helpful KB articles available on our support portal and we hope to deploy a wiki soon, which should also help. And if everything else fails, you can always hit the nessus list or ask your questions to me directly.

Thanks,

-- Renaud
Re: Nessus 3.2.1 installation hangs during installation for Debian 4.0 (Etch) - looks like a problem with the installer for Debian
On Jun 16, 2008, at 2:11 PM, Richard Folwell wrote:

> I tried with a completely fresh instance of Debian 4.0, with the same results. Have now managed to get around the problem by setting up an instance of Ubuntu, on which it installed as expected from the instructions. Since Ubuntu is based on Debian anyway this suggests that there might be a problem with the Nessus 3.2.1 Debian installer.

Which version of bash is installed on your Debian system ?
Re: QUICK NESSUS 3.2 QUESTION
On Jun 12, 2008, at 5:26 PM, John Scherff wrote:

> Background: We're finally getting around to migrating from 3.06 to 3.2x. Our scanning system is a fairly complex setup comprised of several perl scripts that parse the .nbe output files and load the results into an Oracle database used by a separate, PHP-based web reporting system.
>
> Question: will the new nessus client work with the same command-line switches and will it still produce legacy .nbe output, or must we also migrate to the new .nessus report format? We will eventually re-write our code to use the new format, but prefer to upgrade first and do the re-write later.

Hi John,

Yes, the 'nessus' command line client works as it used to, and still exports as .nbe.

-- Renaud
Re: NessusClient 3.2
Hi Scott,

On Jun 10, 2008, at 2:20 PM, Scott Pate wrote:

> Unless I am missing something, it seems there are some options missing from the new NessusClient
>
> -Where is the option to enable/disable optimize test?

This option is not exposed any more. Given how we code plugins now, there is no reason why you would want to use it.

> -Where are all of the knowledge base options?

This functionality is not officially supported any more. (you can always edit the .nessus file directly and change these settings, but we do not recommend you rely on them).

-- Renaud
Re: NessusClient 3.2
On Jun 10, 2008, at 4:41 PM, Scott Pate wrote:

> Thanks Renaud,
>
> Is there a changelog to show what is different with new NessusClient/server? I have read the available documentation, but it's not quite clear how the new changes affect the functionality (when compared with the old options)

We document every change (see http://blog.tenablesecurity.com/2008/05/nessus-321-rele.html for the 3.2.1 change log for instance). However, when we create a new project from scratch (which gives us the freedom to remove a lot of legacy), it's difficult to write a piece explaining every bit of change compared to the previous thing doing somewhat the same thing.

Usually, if something goes away (or is about to go away) we try to be vocal about it. We also try to keep old features, but that does not mean we recommend using them (the KB options are one example, some outdated XML output is another one).

-- Renaud
Re: unix compliance checks - find_world_writeable_directories and others
On Jun 4, 2008, at 1:21 AM, Doug Nordwall wrote:

> does the ignore parameter accept a directory to exclude it from the search?

Hi Doug,

This parameter will accept a directory to exclude from the search, but will not exclude its subdirectories (that is, if you exclude /tmp then /tmp/foo won't be excluded).

-- Renaud
Re: unix compliance checks - file ownership
On Jun 2, 2008, at 11:17 PM, Doug Nordwall wrote:

> right, and my point is not that there is a problem with the compliance check that says hey, you have two uid 0 accounts (that one is quite correct in this regard) but rather when presented with 2 uid 0 accounts, it misassigns the owner of the file. In fact, it chooses to view the ownership of the file as wrong, even though it is quite correct, even though it gets the info from the file _as a numeric uid_.

You're correct. We do the reverse lookup ourselves and this causes problems in this particular case (much like a 'ls -l' on a file could show it as belonging to root or to myroot, depending on how the local OS performs its own lookups). I'll see if/how this can be improved in a further revision of this plugin.

-- Renaud
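The ownership problem discussed in this message, as an added example that is not part of the original thread and not the compliance plugin's code. It assumes a reverse lookup that returns the first passwd entry matching the UID; the passwd content and all function names are constructed for illustration. Comparing the file's numeric UID with the UID of the expected owner avoids the false failure, and the duplicate-UID report is the finding an auditor would still want.

```python
"""Owner checks on a host with two UID 0 accounts (added example)."""

# Constructed passwd content; "myroot" is the second UID 0 account
# and happens to be listed before "root".
SAMPLE_PASSWD = """\
myroot:x:0:0:second superuser:/root:/bin/bash
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
# comment lines and malformed entries are skipped
broken-line-without-fields
doug:x:1000:1000:Doug:/home/doug:/bin/bash
"""


def parse_passwd(text):
    """Return [(name, uid)] in file order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries


def duplicate_uids(entries):
    """Map each UID shared by several accounts to those account names."""
    by_uid = {}
    for name, uid in entries:
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def reverse_lookup(entries, uid):
    """UID -> name, first match wins (assumed lookup behaviour)."""
    for name, entry_uid in entries:
        if entry_uid == uid:
            return name
    return None


def owner_ok_by_name(entries, file_uid, expected_owner):
    """Fragile check: resolve the file's UID to a name, compare names."""
    return reverse_lookup(entries, file_uid) == expected_owner


def owner_ok_by_uid(entries, file_uid, expected_owner):
    """Robust check: resolve the expected name to a UID, compare numbers."""
    expected = {uid for name, uid in entries if name == expected_owner}
    return file_uid in expected


if __name__ == "__main__":
    accounts = parse_passwd(SAMPLE_PASSWD)
    file_uid = 0  # numeric owner of the audited file, as stat() reports it
    print("duplicate UIDs:", duplicate_uids(accounts))
    print("name-based check:", owner_ok_by_name(accounts, file_uid, "root"))
    print("uid-based check: ", owner_ok_by_uid(accounts, file_uid, "root"))
```
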
Re: unix compliance checks - file ownership
On Jun 2, 2008, at 8:22 PM, Doug Nordwall wrote:

> so, we have boxes (many) with 2 UID 0 accounts.

Stop right here. This goes against every Unix administrative best practices playbook which clearly says that each user should have its own UID. Why do you have such a setup ?

-- Renaud
Re: Nessus 3.2.1 released, no FreeBSD 6 build
On May 30, 2008, at 12:29 PM, Renaud Deraison wrote:

> Tenable Network Security, Inc. is proud to announce the availability of Nessus 3.2.1.

One thing I forgot to add is the lack of support for FreeBSD 6. We spent a lot of time to work around this issue, and unfortunately we could not get a FreeBSD 6 build to work reliably.

The reason behind is that Nessus 3.2 is now thread-based when it initially processes the plugins. The initial plugin processing is a CPU intensive operation, so the more we can take advantage of dual / quad core CPUs, the better. After the initial processing is done, we switch back to a normal fork()-based mechanism when doing a scan.

Unfortunately, this does not play well with FreeBSD 6 -- once a FreeBSD 6 process starts to have threads, even if it forks afterwards (with all its threads removed), a lot of things stop working. In particular, signal handling works very differently, and setitimer() does not work at all.

We tried to work around this issue as much as we could, but in the end the solution would cause such a huge difference between the FreeBSD 6 code base and the rest of the Unix code base, that we decided to not support this platform any more.

If you are using FreeBSD, we encourage you to either upgrade to FreeBSD 7, which works great, or to stick to Nessus 3.0.6 (which is still available for download on www.nessus.org).

My apologies for this inconvenience,

-- Renaud
Re: update plugin feed errors
On May 30, 2008, at 4:13 PM, Jon Barnhardt wrote:

> Hi all,
>
> I have been trying to update my nessus plugin feed for a couple of days now with no success. Here is the recap:
>
> Was running Ubuntu 6.10 and everything was working fine. I upgraded Ubuntu to version 7.10 and ran the nessus .deb file for gutsy (7.10) nessus version 3.2.1. I then registered the feed using the activation code provided via new registration.
>
> When I try to run:
>
> sudo nessus-update-plugins
>
> I receive:
>
> An unknown HTTP error has occured (http error code: 404)
> Could not retrieve the plugins MD5
> Aborting

By any chance, is your nessus-fetch.rc file configured to go thru a proxy ?

-- Renaud
Re: controlling the size of nessusd.messages
Hi Rich,

On May 27, 2008, at 9:00 PM, Rich Whitcroft wrote:

> Hi,
>
> I can't find any facility to control the size/content of nessusd.messages. I just ran a scan on a /24 subnet and was seeing log file growth of 1 meg per second. The entire scan lasted 570 seconds, so about 600 megs of logs for one subnet. Also, much of the log file contained entries like this
>
> [Tue May 27 14:34:19 2008][5455] user operator : Not launching debian_DSA-829.nasl against 129.100.86.73 because the key Host/Debian/dpkg-l is missing (this is not an error)
>
> which seems a little too verbose since these messages are insignificant. I have log_whole_attack and log_plugins_name_at_load set to 'no'.

You probably have this setting set into nessusd.conf, but it can be overridden by the client.

If you use the NessusClient interface, make sure that the option Log details of the scan the server (in the Options tab) is disabled. If you use the scan in command-line, make sure that this setting is set to 'no' in your ~/.nessusrc file.

-- Renaud
Re: Many Nessus startup errors
On May 22, 2008, at 7:36 AM, KAYVEN RIESE wrote:

> I am not generating reports
>
> http://www.monkeyview.net/id/965/fsck/nessus/nessus.vhtml
>
> During startup, 20K plugins try to load. A lot of them fail or something:
>
> http://www.monkeyview.net/id/965/fsck/nessus/p5210017.vhtml
> http://www.monkeyview.net/id/965/fsck/nessus/p5210018.vhtml

That would mean your plugin set is not complete. Get an activation code at http://www.nessus.org/register and run nessus-fetch --register, then nessus-update-plugins.

However, it's probably safe to simply re-install Nessus 3.0.

-- Renaud
Re: libexec/elf not found
On May 22, 2008, at 7:13 AM, KAYVEN RIESE wrote:

> kv_bsd#cd /usr/ports/distfiles
> kv_bsd#mv /usr/home/kayve/Nessus-3.2.0-fbsd7.tbz .
> kv_bsd#pkg_add Nessus-3.2.0-fbsd7.tbz
> pkg_add: package VisualOS-1.0.5_3 has no origin recorded
> /libexec/ld-elf.so.1: Shared object libz.so.4 not found, required by nessusd

You're using a FreeBSD 7 build on FreeBSD 6.3. If you can not upgrade your system to FreeBSD 7, then install Nessus 3.0.6 (http://www.nessus.org/download/index.php?product=nessus3 ) which has a FreeBSD 6 build.

-- Renaud
Re: Nessus reporting
John,

On May 22, 2008, at 1:35 PM, John Chajecki wrote:

> Nessus reporting provides a plethora of information, but;
>
> Is it possible to generate a simple list of hosts based on a service detection plugin?

If Nessus 3.2.1 passes QA, we'll release it next week. The client there has a new filtering option which you could use to only display the results of the plugin IDs you care about, and then export these to .nsr which is easily imported into, say, Excel.

-- Renaud
Re: How to send a sequence of bytes
John,

On May 22, 2008, at 4:15 PM, John Chajecki wrote:

> In trying to create a custom plugin, I have the need to send a sequence of bytes as the data in a packet. I know the exact sequence of hex bytes to be:
>
> 31,00,30,00,33,00,3b,00,38,00,36,00,3b,00,31,00,2e,00,30,00,2e,00,30,00,2e,00,30
>
> The problem is that I can't find a way of converting that representation into a suitable string to pass to the send command:
>
> send(socket:soc, data:pktdata);
>
> Is there a function in nasl that can do the conversion?

You'd do :

send(socket:soc, data:raw_string(0x31, 0x00, 0x30, ..., 0x2e, 0x00, 0x30));

-- Renaud
Re: How to send a sequence of bytes
On May 22, 2008, at 6:15 PM, John Chajecki wrote:

> Renaud,
>
> Curious. I tried that but it literally sent the string 0x31,0x00,0x30,..etc rather than the actual hex bytes represented by string. I have attached the Wireshark screen grab. Here is my code.
>
> pktdata = ' 0x31,0x00,0x30,0x00,0x33,0x00,0x3b,0x00,0x38,0x00,0x36,0x00,0x3b,0x00, 0x31,0x00,0x2e,0x00,0x30,0x00,0x2e,0x00,0x30,0x00,0x2e, 0x00,0x30,0x00';

It should really be:

pktdata = raw_string(0x31, 0x00, ...);

(no quotes), then:

send(socket:soc, data:pktdata);

-- Renaud
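The difference between the quoted text and the raw bytes in the exchange above, as an added Python example (not code from the thread or from Nessus): it parses the hex listing from the question, shows what a quoted literal puts on the wire instead, and renders the bytes as a raw_string(...) call. The function names are illustrative.

```python
import re

# Hex listing copied from the question in this thread.
LISTING = ("31,00,30,00,33,00,3b,00,38,00,36,00,3b,00,31,00,2e,00,30,00,2e,"
           "00,30,00,2e,00,30")

_TOKEN = re.compile(r"^(?:0x)?([0-9a-fA-F]{1,2})$")


def parse_hex_listing(text):
    """Turn '31,00' or '0x31, 0x00' into the bytes those tokens denote."""
    out = bytearray()
    for raw in text.split(","):
        tok = raw.strip()
        if not tok:
            continue  # tolerate a trailing comma or a wrapped line
        m = _TOKEN.match(tok)
        if m is None:
            raise ValueError("not a hex byte: %r" % tok)
        out.append(int(m.group(1), 16))
    return bytes(out)


def quoted_literal_payload(text):
    """What is sent when the listing is passed as a quoted string:
    the ASCII characters of the listing itself, commas and '0x' included."""
    return text.encode("ascii")


def to_raw_string_call(payload, per_line=8):
    """Render bytes as the argument list of a NASL raw_string() call."""
    items = ["0x%02x" % b for b in payload]
    if len(items) <= per_line:
        return "raw_string(%s)" % ", ".join(items)
    rows = [", ".join(items[i:i + per_line])
            for i in range(0, len(items), per_line)]
    return "raw_string(\n    " + ",\n    ".join(rows) + "\n)"


if __name__ == "__main__":
    wanted = parse_hex_listing(LISTING)
    mistaken = quoted_literal_payload("0x31,0x00,0x30")
    print("intended payload: %d bytes, starts %r" % (len(wanted), wanted[:4]))
    print("quoted literal  : %d bytes, starts %r" % (len(mistaken), mistaken[:4]))
    print("pktdata = " + to_raw_string_call(wanted) + ";")
```
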
Re: nessus still scanning some printers, skips others?
When this happens, please send me the full report (and KB, if possible) of the scanned printer and I'll make sure we update the plugin to prevent such behavior in the future.

Thanks,

-- Renaud

On May 22, 2008, at 9:29 PM, [SiN] wrote:

> nessus knows a few systems within a range I'm scanning are in fact printers and skips over them. Though there are a few that it still scans even though it knows it's a printer
>
> Remote operating system : HP Deskjet 6127
> Confidence Level : 50
> Method : ICMP
> Not all fingerprints could give a match - please email the following to [EMAIL PROTECTED] :
> HTTP:!:Server: Virata-EmWeb/R6_0_1
> SNMP:!:Desk of Tari Boh
> The remote host is running HP Deskjet 6127
>
> 3 of these printers are being scanned and printing junk
> 5 other printers are not
>
> Synopsis : The remote host appears to be a printer and will not be scanned.
> Description : The remote host appears to be a network printer or multi-function device. Such devices often react very poorly when scanned - some crash, others print a number of pages. To avoid problems, Nessus has marked the remote host as 'Dead' and will not scan it.
> Solution : If you are not concerned about such behavior, enable the 'Scan Network Printers' setting under the 'Do not scan fragile devices' advanced settings block and re-run the scan.
>
> -- ..::x0SiN0x::.. G4m3R 4 L1F3
Re: Linux Distro Recommendation
On May 22, 2008, at 10:42 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> Hello All,
>
> I am new to the world of Nessus – an Intern with the local government. Is there any particular distribution of Linux you would recommend for use with Nessus 3.x (moreover the reasons why you would recommend them). I am pretty familiar with Ubuntu (8.04) but reading past articles online it seems there were some issues with the older distros of Ubuntu and Nessus.

If you intend to dedicate that system to Nessus, I would go with a 32 bits RHEL 5 (or CentOS 5, which is roughly the same), as this is the setup most of the development and QA is done onto.

-- Renaud
Re: Tenable Updates Subscription Model for the Nessus VulnerabilityScanner
John,

Actually if you look at:

http://www.nessus.org/documentation/index.php?doc=feed-faq#anchor7

You'll see:

For those users who purchase through resellers, Tenable will announce channel relationships with Authorized ProfessionalFeed Partners that will allow you to purchase through your favorite partner.

We are in the process of finalizing this, and will of course be ready before the July 31st deadline.

-- Renaud

On May 21, 2008, at 12:55 PM, John Chajecki wrote:

> As a government organisation in the UK, we are obliged to purchase through a purchasing consortium such as GCAT. In our particular case we have to use the Eastern Shires Purchasing Organisation (ESPO). We can only purchase from suppliers (who can also act as resellers) that service the purchasing frameworks that have been put in place by the purchasing organisation.
>
> When we recently enquired about purchasing the commercial feed for Nessus, we were advised that this could not be sourced through a reseller, but has to be purchased directly from Tenable. This means that we are unable to purchase the commercial feed. Although not ideal, upon consideration, we felt that the 7 day delay provided by the registered feed would not be too disadvantageous and we have in the last month or so been evaluating Nessus.
>
> This change means that not only would we be unable to access the commercial feed, but we will now also lose the registered feed. The new home feed may be welcome, but, it would not seem consistent with the terms to use this feed as an organisation. This regrettably leaves us with little option but to look for another solution.
>
> _
> John Chajecki
> Senior Infrastructure Engineer
> Information Division
> Resources Department
> Leicester City Council
Re: Why doesn't get_port_state work?
On May 21, 2008, at 12:18 PM, John Chajecki wrote:

> We have been writing a custom plugin to test for the presence of McAfee EPO Agent on workstations and we have had success in accomplishing this but we had several problems along the way for which we would like to request answers. We are using Nessus server and client 3.2.0:
>
> 1. Why do the get_port_state, get_tcp_port_state and get_udp_port_state functions always return a value of 1 (i.e. true)?

Because you did not launch a port scanner. get_port_state() does not send any packet to the remote host, it simply looks into the local cache to determine whether a given port is known to be open or not. In doubt, it will return TRUE and it's up to your plugin to handle a connection being closed.

> 2. Since the UDP protocol is stateless or connection less, the above function always returns true and the open_sock_udp function also always succeeds, how do you determine whether a UDP port is open on a remote host? How do you listen to a response on that port?

UDP being connection-less, you'd send a properly crafted UDP packet and wait for an answer by using recv() (just like with a TCP socket).

If you are talking about a generic UDP port scanner, there is no clean way to determine whether a port is open or not -- in some cases, sending a UDP packet to a closed UDP port will return an ICMP unreachable error in return, but on systems where ICMP rate limiting is in effect, or systems behind firewalls which block ICMP unreach messages, the only way to determine if a UDP port is open is to talk to the service behind it.

> 3. When you drop a custom plugin into the plugin directory (/opt/nessus/lib/nessus/plugins) and restart Nessus, the plugin does not immediately appear in the plugin list. We checked and double checked all of the fields on the description and they appear to be correct but just in case, here is our description section:
>
> [...]
>
> What seems to happen is that the plugin does eventually appear in the list some 30min to an hour later. Is there any way to force a re-sync of the plugin database so that it will appear immediately or reasonably quickly?

This is very surprising. Are you talking about modifying an existing plugin or adding a new file in the plugins/ directory? If you modify an existing file, then launch nessusd with the -t option (nessusd -D -t) to force it to check the timestamps.

> 4. Is there a way of selecting all plugins for a specific platform e.g. Solaris, Windows, Cisco etc? We couldn't find any and this seems a major omission in our opinion.

No, because some (many) vulnerabilities are cross platform. You can select a given family (Solaris local checks for instance), but it's recommended that you perform a full scan against each tested system and let nessusd itself determine which plugins to launch/not to launch.

> 5. On the plugin selection tab in the Nessus Client, why does the find function never return any results?

I can't reproduce this here. Which version are you running, on which platform?

> Also, why does the 'Show All' button cause all plugins AND all port scanners on the option page AND other options on other tabs to become de-selected?

This is a known limitation of the 'Find' function. It will only leave enabled the plugins which matched your query.

-- Renaud
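An added example in Python (not NASL, and not code from the thread or from Nessus) of the UDP check described in the answer to question 2: send a service-specific datagram on a connected socket, wait for a reply, and treat an ICMP port-unreachable as closed and silence as inconclusive. The function names, the payload and the loopback listeners in demo() are constructed for illustration.

```python
import socket
import threading


def probe_udp(host, port, payload, timeout=1.0):
    """Send one datagram and classify the port from what comes back.

    'open'          : the service answered the payload
    'closed'        : the OS reported an ICMP port-unreachable (ECONNREFUSED)
    'open|filtered' : silence; the port may be open but ignoring this payload,
                      or the ICMP error was dropped or rate limited
    'unreachable'   : any other socket error (no route, network down, ...)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket sends nothing; it lets the kernel report
        # ICMP errors for this peer on the next send()/recv().
        s.connect((host, port))
        try:
            s.send(payload)
            data = s.recv(4096)
        except ConnectionRefusedError:
            return "closed", b""
        except socket.timeout:
            return "open|filtered", b""
        except OSError:
            return "unreachable", b""
        return "open", data


def _answer_once(sock):
    """Constructed stand-in for a real UDP service: answer a single probe."""
    try:
        data, peer = sock.recvfrom(4096)
        sock.sendto(b"ack:" + data, peer)
    except OSError:
        pass  # timed out or closed before a probe arrived


def _bound_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))  # let the OS pick a free port
    return s


def demo():
    """Probe three loopback ports: answering, bound but silent, and unbound."""
    answering = _bound_socket()
    answering.settimeout(5)
    silent = _bound_socket()
    tmp = _bound_socket()
    unbound_port = tmp.getsockname()[1]
    tmp.close()  # nothing listens here any more

    worker = threading.Thread(target=_answer_once, args=(answering,), daemon=True)
    worker.start()
    try:
        return {
            "answering": probe_udp("127.0.0.1", answering.getsockname()[1], b"ping"),
            "silent": probe_udp("127.0.0.1", silent.getsockname()[1], b"ping", 0.3),
            "unbound": probe_udp("127.0.0.1", unbound_port, b"ping", 0.3),
        }
    finally:
        worker.join()
        answering.close()
        silent.close()


if __name__ == "__main__":
    for name, (state, data) in demo().items():
        print("%-9s %-13s %r" % (name, state, data))
```

The silent listener and a filtered port are indistinguishable to the prober, which is why the reply recommends talking to the specific service rather than relying on the absence of an ICMP error.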
Re: Custom path to .nessusrc?
On May 20, 2008, at 10:16 AM, Taras Ivashchenko wrote:

> Hello, everybody!
>
> Is there way to set custom (not ~/.nessusrc) path to .nessusrc when run nessus client?

Use the -c switch, i.e.:

nessus -c /path/to/nessusrc -q localhost 1241 login password targets.txt results.txt

-- Renaud
Re: Outdated Plugin Error
Try to restart nessusd by doing nessusd -t -D and this will solve this particular problem (which is addressed in 3.2.1).

On May 19, 2008, at 4:21 PM, Brad Isbell wrote:

> I have registered my copy of Nessus and have updated my plugins. The plugin_feed_info.inc file says:
>
> PLUGIN_SET = 200805190834;
> PLUGIN_FEED = Registered (7 days delay);
>
> Whenever I run a scan I get an error titled Information about the scan
>
> ERROR: Your plugin feed has not been updated since 2008/3/15
>
> and the plugin feed version says : 200803151015
>
> What do I need to do in order to have Nessus recognize that I've done a recent update of my plugins?
Re: Nessus 3.2.0 Missing Plugin Selection
On May 19, 2008, at 5:23 PM, Francis D. Lorenzana wrote:

> We did a complete installation from 3.0.1 to 3.2.0 but it wasn't an upgrade. It's hosted on Linux. We are connecting to Nessus from both the old and new clients with no plug in options.

Try to do nessusd -R to flush the DB and restart nessusd, this should solve your problem.

-- Renaud
Re: Error Handling Segmentation Fault
Hi Brock,

On May 19, 2008, at 8:03 PM, Tucker, Brock - St. Louis, MO wrote:

> When running the command-line version of nessus on a Linux box RHES5, we are getting a segmentation fault from the following command:
>
> -bash-3.1# /opt/nessus/bin/nessus -p -q
> Segmentation fault
>
> This is occurring on machines that have been upgraded as well as machines that have had fresh installs placed on them. Running the same command under version 3.0.6 of nessus yielded information on what you did wrong.

This is a known issue that will be fixed in 3.2.1. Thank you for reporting it.

-- Renaud
Re: Tenable Updates Subscription Model for the Nessus VulnerabilityScanner
On May 16, 2008, at 7:55 PM, Ron Gula wrote:

> If you do write a Nessus plugin and want to give it to someone else, you are free to do that. If they already have Nessus and the .inc files you are calling, then there is no issue.

Actually, the use of our .inc files is subject to our authorization -- it's on a case by case basis, but until now we've always granted it :)

-- Renaud
Re: Registration Problem on Mac
Hi Brad,

On May 17, 2008, at 12:00 AM, Brad Isbell wrote:

> I installed Nessus 3.2.0 on my Mac running OSX-10.4.11. I registered for an activation code. When I install the activation code I get an error that says: The registration code you entered is invalid.
>
> I found where I could register online and it gave me an update file (all-2.0.tar.gz) and it says to install a nessus-fetch.rc file at:
>
> * /opt/nessus/etc/nessus/nessus-fetch.rc (Unix)
> * C:\Program Files\Tenable\Nessus\Config (Windows)
>
> What do I do on a mac?

On a Mac you should copy it under /Library/Nessus/run/etc/nessus/

I'll update the text on the web page,

-- Renaud
Re: nessus format: pluginName only with pluginid with nessus3.1.5
On May 16, 2008, at 12:13 PM, cdt sly wrote:

> hi
>
> i downgraded nessus in 3.1.5 because 3.2.0 hang forever (known issue) but the nessus format print me only the pluginid number: pluginid#13295 and not: Solaris Local Security Checks

Hi,

This particular issue was fixed in 3.2.0. What known 'hang' issue are you referring to?

-- Renaud
Re: How to scan for all plugins using nessuscmd
Hi Craig,

Unfortunately, nessuscmd has been designed to scan for a select set of plugins from the command line, not to perform an entire scan. We intend to improve that situation on Windows, but at the moment there is no easy way to run a scan in batch mode there.

-- Renaud

On May 15, 2008, at 9:39 PM, Craig wrote:

> OK, I've looked around but I haven't found any directions for this. I'm trying to write a script that will run a nessus scan after hours on our workstations. The scan needs to use multiple plugins (more than can be listed easily with the -i option).
>
> I noticed in the User Guide, on UNIX something like this can be done using the command:
>
> /opt/nessus/bin/nessus --dot-nessus scan.nessus --policy 'Full Safe w/ Compliance' host port user password results-file
>
> This command does not work on Windows. I found an older note that indicated how to run the scan from the command line with all the plugins enabled:
>
> NessusCmd localhost allsafe
> NessusCmd 192.168.0.1-192.168.0.10 all
>
> But neither of those seem to work any longer.
>
> Is there a command for windows that I can use from the command line to enable all or select categories of plugins? Is there an equivalent command in windows where I can ID a .nessus file and a certain policy in that file when scanning from the command line?
>
> Thanks.
>
> Craig L. Bowser
> ---
> There's a difference between interest and commitment. When you're interested in doing something, you do it only when circumstances permit. When you're committed to something, you accept no excuses, just results. -- Art Turock, Sales strategist and author of Invent Business Opportunities No One Else Can Imagine.
Tenable Updates Subscription Model for the Nessus Vulnerability Scanner
Hi,

Tenable Network Security Inc. today announced an update to its Nessus subscription model. Please read our letter at:

http://www.nessus.org/products/directfeed/change.php

And our FAQ at:

http://www.nessus.org/documentation/index.php?doc=feed-faq

Feel free to contact [EMAIL PROTECTED] (or myself directly) if you have any question,

-- Renaud
Re: How to correctly modify nmap.nasl?
On May 8, 2008, at 3:25 PM, Mercer, Jeff C - Raleigh, NC wrote:

> Considering how wildly popular Nmap is, how widely used it is and the many advantages to Nmap, I've never understood why Tenable Security is so dead-set against it.

This has been explained ad nauseam:

http://www.nessus.org/documentation/index.php?doc=nmap-usage

We're not dead-set against it, it's just that nmap's design is not compatible with our design.

-- Renaud
Re: Upgrade question
Hi Todd,

On May 6, 2008, at 3:55 PM, Todd Adamson wrote:

> I am about ready to upgrade both client (1.0.2) and server (3.0.6) to the latest versions on CentOS 5. Process is simple enough, but when I upgrade them, will the data from previous scans currently within NessusClient 1.0.2 be visible in the new client? Is this where I will need to convert the data to the new .nessus format?

The new client will see the old NessusClient 1.0.x files and will convert them to .nessus files.

-- Renaud
Re: Failed loading Nikto.nasl
On Apr 30, 2008, at 7:57 AM, TUHIN SUBHRA JANA wrote:

> Hi,
>
> I downloaded 2.2.11 source tar ball, and build it in HP_UX 11.11PA, build is ok. After creating nessus user and certificate, I tried to run nessusd -D. Then it gave error like this.
>
> /opt/iexpress/nessus/lib/nessus/plugins/nikto.nasl has a too long preference-name (69)
> nikto.nasl failed to load
>
> [...]
>
> I think we need to modify the code according to plug-in.

Once again, this has been fixed. Simply update your plugins (nessus-update-plugins) and the problem will go away.

-- Renaud
Re: Nessus 3.2.0 and Windows 2000 Professional
On Apr 30, 2008, at 4:31 AM, Bob Babcock wrote:

> Has anyone been able to successfully install Nessus 3.2.0 on Windows 2000 Professional? I am encountering the error Error 1920. Service Tenable Nessus (Tenable Nessus) failed to start. Verify that you have sufficient privileges to start system services.
>
> The 3.2 service uses a DLL entry point that is only available in XP and higher. I made a bugzilla entry for this, but I don't know if they're going to change this or not. If not, I'll probably move my scanning to a Linux virtual machine. 2000 is a better OS for scanning than XP because it doesn't have a limit on the number of half-open TCP/IP connections.

This issue is being worked on and will be addressed as part of 3.2.1.

-- Renaud
Re: Some plugin issues...
On Apr 29, 2008, at 2:35 PM, John Gray wrote:

> the PsNews XSS and PHP-CSL Cross Site Scripting plugins are doing very similar checks. And they are both hitting on some sites which have neither package, but undoubtedly have some xss issue. Neither of them report the url.

Fixed, thanks.

-- Renaud
Re: Failed loading Nikto.nasl
On Apr 29, 2008, at 9:28 AM, TUHIN SUBHRA JANA wrote:

> Hi Team,
>
> I faced a problem when starting nessusd -D in HP-UX 11.11 PA system. I built nessusd 2.2.11 in HPUX. Its showing error like this,
>
> =
> Loading the plugins... 22134 (out of 22211)nessus-libraries/libnessus/store.c: /opt/iexpress/nessus/lib/nessus/plugins/nikto.nasl has a too long preference-name (69)
> nikto.nasl failed to load
> =
>
> For 11.11 PA through gdb i set a break point in safe_copy function in store.c file here its stopping in this breakpoint.

First, you want to update your plugins, as this problem should have been fixed several weeks ago.

Then, you probably want to forget running Nessus 2 on HP/UX -- just because it compiles does not mean it's going to work. Last time I checked, there were issues with packet forgery and raw packet sniffing which made a lot of the checks useless.

-- Renaud
Re: How can I get the hostname of the scan target
On Apr 28, 2008, at 11:11 AM, 赵永胜 wrote:

> when I started scanning via this command:
>
> nessus -qx -c nessurc localhost 1241 user pwd targets result.xml
>
> every time I find that the content of all host nodes in the result.xml file are like this:
>
> host name=192.168.2.161 ip=192.168.2.161/
>
> if the host's name is abc, what can I do if I want to get it when scanning? just like the following:
>
> host name=abc ip=192.168.2.161/

Unfortunately, this does not work. Also note that this XML format is deprecated and you are encouraged to use the .nessus format, described at:

http://www.nessus.org/documentation/dot_nessus_file_format.pdf

-- Renaud
Re: Nessus plugin output...
Hi Kevin,

On Apr 28, 2008, at 12:36 PM, Kevin Chak wrote:

> Hi,
>
> I have questions on some plugins' outputs. I've tried the plugins for OS identification. However, I got a weird case. If I do scanning with the plugin 'os identification' (#11936) only, I get the reports on the remote hosts; if I enable all the individual os identification plugins (HTTP, uname, RDP, etc.) except #11936 one, I get 'No Vulnerability Found'. #11936 plugin have identified my two remote hosts by using uname and LinuxDistribution. I tried only turning on the plugins of these two methods and scan, but I still got 'No Vulnerability Found'. What's wrong with that?

This is the expected behavior. Basically, plugin #11936 uses the results of all the other plugins which are silent. If you want to only enable a given method (say, HTTP only), you'd need to disable the automatic dependencies option, and you'd need to enable plugin #11936 in addition to the detection method you wish to use.

> Another question is about service identification. I've tried using the plugin 'Identify unknown service with GET' (#17975) and 'Service identification (2nd pass)' (#11153) to scan my hosts, but I got 'No Vulnerability Found'. Do I suppose to get some results?

Did you enable a port scanner? You need to select one if you want service detection to take place. You also want to enable plugin #10330 (Find services).

-- Renaud
Re: Checking credentials~
On Apr 21, 2008, at 1:00 AM, Kevin Chak wrote:

> Thanks, Yarick~
>
> I ran the command cat /etc/redhat-release and here is what I got:
>
> [test1]$ cat /etc/redhat-release
> Red Hat Linux release 8.0 (Psyche)

This distribution is not supported by Nessus nor by Red Hat for that matter (it's over 6 years old). You should upgrade to something newer.

-- Renaud
Re: nessusd in sussen-core-2.2.11 does not set source address correctly.
Hi Peter,

On Apr 20, 2008, at 4:02 PM, Peter Volkov wrote:

> Hello!
>
> Whenever I scan remote hosts I receive an error: nessusd returned an empty report. I've used tcpdump and found that nessusd attempts to scan remote hosts using 127.0.0.1 as source address.

What's the output of netstat -rn and ifconfig -a?

-- Renaud
Re: nessus-3.0.6-es4 not scanning CentOS fully?
Hi Jason,

Could you send me the KB for that faulty host?

Thanks,

-- Renaud

On Apr 10, 2008, at 11:31 AM, Jason Haar wrote:

> Hi there
>
> I'm trying to get nessus-3.0.6 to scan our CentOS servers and it's having some difficulty.
>
> If I scan a Fedora8 box (with root creds via ssh pubKey), I get details about what IP addresses are assigned to each interface, it's uname details, and a nice listing of all RPMs installed, and which ones are out of date. Life is good :-)
>
> If I do the same thing against a CentOS4.6 server, I get the IP address detail, the uname detail, but no RPM detail. I see tonnes of centos_RHSA* checks occurring in the nessusd log, but it never seems to run unix_enum_sw.nasl - which would give the listing of RPMs installed. Obviously if I log in and manually run rpm -qa, I get a listing of all RPMs installed.
>
> Any ideas?
>
> Thanks
>
> -- Cheers
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: What is this situation???
On Apr 8, 2008, at 1:57 PM, francesco sottini wrote:

> Dears,
>
> I am doing an university project and the final goal is to scan 4 hosts and report all the problems that we meet. Well, the 4 hosts are on a private network. to scan them, we have to connect with the nessus client to a nessus server and then scan the target. The problem is that for an host, i obtain always the result: The remote host is considered as dead - not scanning. I suppose that on that host, declared from the professor an hard challenge, there is a kind of IDS or honeypot.. what can i do?

You can force Nessus to disable pinging the remote host prior to scanning. Edit your policy - advanced - Ping the remote host and uncheck all the boxes (ICMP ping, TCP ping and ARP ping).

-- Renaud
Re: .nessus File Missing Data
On Apr 8, 2008, at 5:31 AM, Larry Petty wrote:

> I run my Nessus scans from the command line via a script. The server is Ubuntu 7.1 64-bit running Nessus 3.2 (Debian 64-bit installer)

Thank you for reporting this issue. We could indeed reproduce it and will make sure it's fixed in 3.2.1.

Thanks,

-- Renaud
Re: .nessus File Missing Data
On Apr 8, 2008, at 4:09 PM, Larry Petty wrote:

> When is 3.2.1 expected?

The official release date should be on the 28th of April. Contact me privately if you need a pre-release build which fixes that issue.

-- Renaud
Re: Nessus ID 12521
On Apr 4, 2008, at 9:30 PM, Mark A Timm wrote:

> Plug-in 12521 states that Apple no longer supports 10.2 (Jaguar). I was told that Jaguar will be supported until 2011. What is this plug-in’s definition of support?

Apple does not communicate openly about EOL for their operating systems. Based on experience, it seems that Apple only provides (public) updates for versions N - 1 and N of their operating system (when was the last 10.2 update? 10.3?).

This means that a typical Mac OS X system running 10.2 is not going to get any security updates, so we mark it as running an EOL'ed environment.

(given Apple's stance on security, a lack of security updates for 10.2 really, really does not mean that 10.2 is immune from all the security issues which have been patched over the years).

-- Renaud
Re: Problems installing Nessus 3.2.0 under Windows Vista Home Premium
On Apr 7, 2008, at 5:10 PM, Mario Chancay wrote:

> Hi,
>
> I am trying to upgrade my current installation of Nessus 3.0.6.1 build 321 to the latest Nessus 3.2.0 but the installation fails with the following error message :

What happens if you right-click on the installer and select the option Run as administrator?
Re: Nessus Prelude ?
Hi Sylvain,

On Apr 4, 2008, at 4:21 PM, Sylvain Chillaud wrote:

> Hi all,
>
> I've read when doing researches on the web that it was possible to make Nessus send its reports in IDMEF directly to a Prelude manager (and that there was other methods too, less practical but existing anyway, with .nsr reports and scripts). However, I did not find any more info concerning this, no Howtos or any other doc explaining this, and those I found (those that led me to ask the question here) have been written in 2003 or so.
>
> I am then wondering, have this feature been kept in the 3.x versions of Nessus or was it removed? Or maybe was it made by Prelude's team and not up-to-date yet?

Prelude maintained a patch which has never made it into an official release, so technically this feature was never in Nessus.

-- Renaud
Re: Plugin 31422
Hi Patrice,

On Apr 2, 2008, at 10:47 AM, Patrice ARNAL wrote:

> Hello,
>
> I need some explanations on the way this plugin works. The code associated seems to be more OS identification related than reverse nat / proxy / traffic shaper related. I first noticed this plugin when scanning a real reverse proxy in our infrastructure, but now it seems to be fired on almost each scan I do. Before asking some explanations to our network team, I need to know how this plugin works, almost in its methods.

This plugin performs an OS fingerprint on every open port. If two ports have different OS signatures, it's likely that either the host is doing reverse NAT (one external IP mapping to multiple different hosts internally) or (more likely in your case) that there is a transparent proxy on the way.

For instance, Fortinet will run a transparent proxy on ports 21, 25 and 80 to scan for viruses inline. Another example are the Apple AirPort Extreme wireless base stations which have a FTP proxy to handle NAT more easily.

I'd be interested in the results you're getting, but it's likely that your network team set up some filtering in place.

BTW, Ron wrote a blog entry about this plugin:

http://blog.tenablesecurity.com/2008/03/reverse-nat-det.html

-- Renaud
Re: Nessus scan never finishes...
Hi Jason,

On Mar 31, 2008, at 4:46 PM, Jason Dravet wrote:

> Hello,
>
> I would like to report that the Fedora Core 8 packages suffer the problem of the scan never finishing. I created a new scan policy to scan 1 PC using the default settings (except I added the administrator username and password) and scanned 1 PC. It was still scanning after 10 hours, pressing the cancel button had no effect.

While the scan hangs, could you run /opt/nessus/bin/nessus-bug-report-generator and send me the output?

Thanks,

-- Renaud
Re: Verifying latest plugins
On Apr 1, 2008, at 6:04 PM, Doug V wrote:

> [EMAIL PROTECTED] Temp]# /opt/nessus/bin/nessus-fetch --register 3725-8531-AEFB-E58F-4612
> Your activation code has been registered properly - thank you.
> Now fetching the newest plugin set from plugins.nessus.org...
> all-2.0.sig is not the valid signature for all-2.0.tar.gz
> Aborting
> An error occurred while fetching the plugins. Your Nessus installation may not be up-to-date.

Could you try to run /opt/nessus/sbin/nessus-update-plugins manually? If that does not work could you run /opt/nessus/bin/nessus-fetch --plugins (this will create a local all-2.0.tar.gz) and send that file to me (privately)?

Finally, which flavor Linux are you running?

Thanks,

-- Renaud
Re: Nessus scan never finishes...
Hello Saad,

On Mar 30, 2008, at 10:55 AM, Saad Kadhi wrote:

> On Mar 28, 2008, at 9:07 AM, Renaud Deraison (lists) wrote:
>
>> Yes, there is a problem with the Nessus 3.2 binary on FreeBSD 6. The issue has been identified and resolved, and we should push a new build next week. In the meantime, downgrade to 3.0.6.
>
> Thanks. Does this problem affect FreeBSD 7 as well? Is running 3.2.0 on that platform a trouble-free option as far as you know today?

No, this problem does not affect FreeBSD 7, it's FreeBSD 6.x specific (while we did work around the problem in FreeBSD 6, we're still investigating to understand the reasons behind that issue which, so far, seems to be a FreeBSD 6 bug).

> On a side note, is there a way to be notified when a new build package is available?

We will do an announce (it will be the 3.2.1 release). It might take a couple of weeks to get that release out, so we can also improve the reporting of the client and iron out other issues specific to each .0 release :)

Have a good week,

-- Renaud
Re: Nessus Server
Hi Eric,

On Mar 31, 2008, at 3:42 PM, Sabo, Eric wrote:

> I found the problem but don't know how to correct it. This is in the scan.log
>
> [Mon Mar 31 09:16:44 2008][3096] db_open failed: 2
> [Mon Mar 31 09:16:44 2008][3096] Exception: class std::runtime_error Can not open database environment

Do you have enough free disk space? Try to run 'update.exe', and run an update with the box Purge plugins database enabled.

Thanks,

-- Renaud
Re: SSL handshake failed
Hi Roland,

On Mar 31, 2008, at 2:28 PM, Roland Knecht wrote:

> I'm trying to set up a Nessus 3.2 Server on a Red Hat based Linux system. There will be about 20 users of the scanner and I decided to let them login over the certificates. Now I have the problem that the Nessus Server won't accept the connection from the NessusClient 3.2. It says SSL handshake failed and that I should make sure that I use the right certificates.
>
> I started creating the certificates with the nessus-mkcert command to create the cacert.pem. Then I added a user with the nessus-mkcert-client which gives me the key_User.pem and the cert_User.pem files. When I try to establish a connection with these files in the SSL Section of the connection manager, the ssl handshake failed error occurs. Has anybody an idea where I made a mistake?

Is there anything written in nessusd.messages? Could you do a ls -lR on /opt/nessus/var/nessus/users?

Thanks,

-- Renaud
Re: nasl script modifications not working
Hi Shavian,

On Mar 29, 2008, at 8:21 PM, Shavian Shakes wrote:

> Hi List,
>
> I am running nessus v3.2.0 on Windows XP. For my private testing, I would like to modify some nasl scripts (and later write my own). To start with, I modified a script (sql_injection.nasl). The only change I did was change a string in the report message. For this I just edited the file and changed it. The problem is that when I run the nessus client and the sql_injection succeeds, I still get the old message and not the new one which I put in.

Yes, on Windows you need to run build.exe which will re-process the nasl files and include your changes.

-- Renaud
Re: Nessus scan never finishes...
On Mar 28, 2008, at 12:18 AM, Saad Kadhi wrote:

> Hi,
>
> On Mar 27, 2008, at 5:04 PM, Joe Lawson wrote:
>
> > I've installed the 3.2 server on a FreeBSD box and it appears to be working correctly. However, I've installed the NessusClient v3.2 on an XP SP2 box and am running into a problem. Specifically, I can connect to the Nessus Server and create a simple scan against say, one host/Microsoft Patches but the scan never finishes (as in 8 hours later). A PS shows the nessusd: testing boxa (nessusd) and no error messages.
>
> I have witnessed the same thing on my side. I am running also a Nessus Client 3.2.0 on Windows XP SP2 (fully patched, English version) and Nessus 3.2.0 on FreeBSD 6.3-RELEASE (without and with patches applied through freebsd-update).

Yes, there is a problem with the Nessus 3.2 binary on FreeBSD 6. The issue has been identified and resolved, and we should push a new build next week. In the meantime, downgrade to 3.0.6.

Sorry for the inconvenience,

-- Renaud
Re: False Positive - Nessus ID 25166?
Sorry for the delay,

This issue has been fixed and the change will be reflected in the plugin feed shortly. Note that we recommend performing scans with a domain admin account (which can mount C$). As time goes on, this will become a mandatory requirement to perform patch checks with Nessus on Windows.

-- Renaud

On Mar 27, 2008, at 9:29 PM, Kofoed, George x55379 wrote:

> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Kofoed, George x55379
> Sent: Tuesday, March 25, 2008 6:36 PM
> To: Renaud Deraison (lists); Nessus list
> Subject: RE: False Positive - Nessus ID 25166?
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Renaud Deraison (lists)
> Sent: Tuesday, March 25, 2008 10:31 AM
> To: Nessus list
> Subject: Re: False Positive - Nessus ID 25166?
>
> On Mar 25, 2008, at 3:21 PM, Kofoed, George x55379 wrote:
>
> > A recent scan of my AD server indicates that patch MS07-027 – Cumulative Security Update for Internet Explorer (931768) – is missing. This patch was replaced several times over since its release, and the current cumulative patch MS07-069, Q number 942615 is installed on this server. I’ve noticed this issue frequently with other servers also. Is there anything I can do on my end, or is this an issue with this particular plugin?
>
> Are you scanning with admin privileges? Could you tell us what version of the file mshtml.dll is installed on that system?
>
> Thanks,
>
> -- Renaud
>
> = = = ==
>
> The user I have configured in Nessus is an “OUADMIN” user.
> The version of mshtml.dll is 6.0.3790.4210
>
> This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
Re: 64-bit Nessus
On Mar 27, 2008, at 8:17 PM, Larry Petty wrote:

> Is there a 64bit Client? The Debian package seems to be working, but there does not seem to be a 64bit client.

Not yet, this is planned soon though.