From: "Michael D. Norwick"
Date: Mon, 26 Sep 2011 06:11:54 -0500
To: freebsd-questions@freebsd.org
Subject: Re: Trying to build Nessus 4 from ports
Message-ID: <4E805DFA.2020501@centurytel.net>

On 09/25/11 10:08, Trond Endrestøl wrote:
> On Sat, 24 Sep 2011 23:24+0200, Andrei Brezan wrote:
>
>> On 23/09/2011 23:31, Michael D. Norwick wrote:
>>> Good Day
>>>
>>> Trying to build /usr/ports/security/nessus on FreeBSD 9-beta2 with ports
>>> updated via - portsnap fetch update - completed 09/22/2011. The result from
>>> #>make;
>>>
>>> ===> Applying FreeBSD patches for nessus-libraries-2.2.9_1
>>> ===> nessus-libraries-2.2.9_1 depends on executable: bison - found
>>> ===> nessus-libraries-2.2.9_1 depends on package: libtool>=2.4 - found
>>> ===> Configuring for nessus-libraries-2.2.9_1
>>> ********************************************************
>>> *                   W a r n i n g                      *
>>> *                                                      *
>>> * Nessus needs Berkeley Packet Filter (bpf).           *
>>> * To use nessus, your kernel must be rebuilt with bpf, *
>>> * and make bpf devices on /dev directory.              *
>>> *                                                      *
>>> * Be sure to build as many bpf devices as you need.    *
>>> * For more info on this read files/README.BPF          *
>>> ********************************************************
>>> *** Error code 1
>>>
>>> Stop in /usr/ports/security/nessus-libraries.
>>> *** Error code 1
>>>
>>> Stop in /usr/ports/security/nessus-libnasl.
>>> *** Error code 1
>>>
>>> Stop in /usr/ports/security/nessus.
>>>
>>> From an earlier post on freebsd-questions I added;
>>>
>>> # Historically X depended on this, but version 4.3.0 doesn't seem to anymore
>>> #link ttyv0 vga
>>>
>>> # Commonly used by many ports
>>> #link acd0 cdrom
>>>
>>> # Allow a user in the wheel group to query the smb0 device
>>> #perm smb0 0660
>>>
>>> # Allow members of group operator to cat things to the speaker
>>> #own speaker root:operator
>>> #perm speaker 0660
>>>
>>> own bpf0 root:bpf
>>> perm bpf0 0640
> Sorry for leaping in, but I think you should change bpf0 to bpf only.
> See below.
>
>>> own bpf1 root:bpf
>>> perm bpf1 0640
>>> own bpf2 root:bpf
>>> perm bpf2 0640
>>> own bpf3 root:bpf
>>> perm bpf3 0640
>>> own bpf4 root:bpf
>>> perm bpf4 0640
>>>
>>> to /etc/devfs.conf. But I still get;
>>>
>>> crw-r----- 1 root bpf 0, 11 Sep 22 21:14 bpf
>>> lrwxr-xr-x 1 root wheel 3 Sep 22 21:14 bpf0 -> bpf
>>> crw-rw-rw- 1 root wheel 0, 49 Sep 22 21:14 bpsm0
> Looking at this listing, bpf0 is a symlink to bpf, thus
> /etc/devfs.conf should manage /dev/bpf and not /dev/bpf0.
>
>>> in /dev after rebooting. Do I require a statement in rc.conf or loader.conf
>>> to activate more bpf devices? Am I editing the right file the wrong way?
>>> The proper handbook chapter escapes me right now.
>>>
>>> Previous to trying to build nessus from ports I built a new kernel with -
>>> device bpf enabled.
>>>
>>> Thank You,
>>> Michael
>> I would suggest to get the package from tenable.com and install it via
>> pkg_add. That's how it worked for me but on FreeBSD 8.2-stable. Might be
>> worth a shot.
>>
>> Regards,
>
> Trond.
>

Good Day;

Still no joy trying to build from source via ports or installing the
binary from tenable.com on FreeBSD 9. nessusd is installed but errors
out with 'libz.so.5 not found'. I have;

$ ls -l /lib/libz.*
-r--r--r-- 1 root wheel 90328 Sep 26 05:46 /lib/libz.so.6

and

$ ls -l /usr/lib32/libz.*
-r--r--r-- 1 root wheel 90828 Sep 26 05:48 /usr/lib32/libz.a
lrwxr-xr-x 1 root wheel 9 Sep 26 05:48 /usr/lib32/libz.so -> libz.so.6
-r--r--r-- 1 root wheel 76808 Sep 26 05:48 /usr/lib32/libz.so.6

and

$ ls -l /usr/lib/libz.*
-r--r--r-- 1 root wheel 126192 Sep 26 05:46 /usr/lib/libz.a
lrwxr-xr-x 1 root wheel 14 Sep 26 05:46 /usr/lib/libz.so -> /lib/libz.so.6

on new world built last night.

From /usr/ports/security/nessus-libraries/files/README.bpf

"Nessus uses the pcap library, which uses the berkeley packet filter
(bpf) to do its job. Since Nessus used multiple processes, several
pcap-aware plugins will need to access the bpf at the same time.
This means that you need to recompile your kernel with the following
option:

    pseudo-device bpf

If for instance you want to have 10 nessusd running at the same time,
each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
(as nessusd is extremely lightweight, you can expect to have this
amount of processes running at the same time)

If you plan to scan a whole network, we recommend you create at least
100 of them. Once your kernel has been rebuilt, get root, cd to /dev
and do:

    ./MAKEDEV bpf+100

For FreeBSD 5.x this is not needed since the devfs creates devices
when needed.

If you can not recompile your kernel, you can try to run the configure
script with the option --enable-bpf-sharing. In this case, nessusd will
try to share one /dev/bpf among multiple processes and do the filtering
in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO NOT
RECOMMEND ENABLING IT."

Is this referring to an 8.2 system? pseudo-device does not work on 9.0
kernel source. Have not tried the MAKEDEV command yet because I do not
know if I need to continue since I cannot get the daemon to start.

Thank You,
Michael
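
Added example (not part of the original message or of the Nessus port): Trond's point in the quoted reply is that /dev/bpf0 is a symlink to /dev/bpf, so /etc/devfs.conf should name bpf. The shell function below scans a devfs.conf-style file for own/perm entries that name a symlink or a node that does not exist; the function name check_devfs_conf and the constructed sample directory are assumptions made for illustration.

```sh
#!/bin/sh
# check_devfs_conf CONF [DEVDIR]   (hypothetical helper, added example)
# Prints one line per own/perm entry whose device node is a symlink or is
# missing from DEVDIR; returns 1 if any such entry was found, else 0.
check_devfs_conf() {
    conf=$1
    devdir=${2:-/dev}
    found=0
    # devfs.conf lines have the form: <action> <device> <argument>
    while read -r action dev arg; do
        case $action in
            own|perm) ;;        # ownership and mode entries are checked
            *) continue ;;      # comments, blank lines and "link" are skipped
        esac
        node=$devdir/$dev
        if [ -L "$node" ]; then
            target=$(readlink "$node")
            echo "$action $dev: symlink to $target, manage $target instead"
            found=1
        elif [ ! -e "$node" ]; then
            echo "$action $dev: no such node in $devdir"
            found=1
        fi
    done < "$conf"
    return $found
}

# Constructed sample mirroring the listing in the post: bpf0 -> bpf and no
# bpf1. A regular file stands in for the bpf character device.
demo=$(mktemp -d)
: > "$demo/bpf"
ln -s bpf "$demo/bpf0"
printf 'own bpf0 root:bpf\nperm bpf0 0640\nown bpf1 root:bpf\n' > "$demo/devfs.conf"
check_devfs_conf "$demo/devfs.conf" "$demo" || true
rm -rf "$demo"
```

On a live system the call would be check_devfs_conf /etc/devfs.conf /dev.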