Date: Thu, 9 Feb 2006 18:21:29 -0500
From: Garance A Drosihn <drosih@rpi.edu>
To: freebsd-security@freebsd.org
Subject: Running nessus on freebsd...
Message-ID: <p06230905c01179ee2354@[128.113.24.47]>

I'm trying to get nessus set up for doing some internal security checking. I installed the ports for nessus and nessus-plugins, and everything worked as expected. I then registered for the full feed of plugins, which got me up to over 10,000 plugins. I restarted nessus, and it didn't work at all. I am running without X11, so I'm doing batch runs. I already have nmap installed, so I assume nessus is using that.

After much futzing around, and some arbitrary trial-and-error guessing, I found that I could get nessus to work reasonably well by cutting the number of plugins down to just under 3,400. I did this first lopping off all plugins for 'hpux', then all plugins for 'solaris*x86*', and so-on, and so-on, etc. Basically removing checks for OS's that I know I will not be checking, except that I also had to remove a bunch of samba-related checks which I really should probably keep.

I should note that the server always starts up fine, but running the client results in messages such as:

    *** The daemon shut down the communication
    *** nessus: nessusd abruptly shut the communication \
        down - the test may be incomplete

and then the server is off spinning in some CPU loop, and the client is doing nothing much. This happens before the server has sent any packets to the target host.

I could obviously provide more details about what errors I'm seeing, but it seems odd to me that I'm having problems with so many plugins, and yet a quick skim of various mailing lists doesn't show anyone else having these problems.

I had been running 6.x-stable as of about a month ago, so I updated my machine to the status as of this morning, and that didn't seem to help much. I'm running on a single-CPU Athlon (i386, not amd64) machine.

Are other people here running nessus (2.2.6) with the "registered plugins"? (not the commercial registration).

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu