From: Garance A Drosihn
To: freebsd-security@freebsd.org
Date: Thu, 9 Feb 2006 18:21:29 -0500
Subject: Running nessus on freebsd...

I'm trying to get nessus set up for doing some internal security checking. I installed the ports for nessus and nessus-plugins, and everything worked as expected. I then registered for the full feed of plugins, which got me up to over 10,000 plugins. I restarted nessus, and it didn't work at all. I am running without X11, so I'm doing batch runs. I already have nmap installed, so I assume nessus is using that.

After much futzing around, and some arbitrary trial-and-error guessing, I found that I could get nessus to work reasonably well by cutting the number of plugins down to just under 3,400. I did this by first lopping off all plugins for 'hpux', then all plugins for 'solaris*x86*', and so-on, and so-on, etc. Basically removing checks for OS's that I know I will not be checking, except that I also had to remove a bunch of samba-related checks which I really should probably keep.

I should note that the server always starts up fine, but running the client results in messages such as:

    *** The daemon shut down the communication
    *** nessus: nessusd abruptly shut the communication \
        down - the test may be incomplete

and then the server is off spinning in some CPU loop, and the client is doing nothing much. This happens before the server has sent any packets to the target host.

I could obviously provide more details about what errors I'm seeing, but it seems odd to me that I'm having problems with so many plugins, and yet a quick skim of various mailing lists doesn't show anyone else having these problems.

I had been running 6.x-stable as of about a month ago, so I updated my machine to the status as of this morning, and that didn't seem to help much. I'm running on a single-CPU Athlon (i386, not amd64) machine.

Are other people here running nessus (2.2.6) with the "registered plugins"? (not the commercial registration).

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu