Date: Tue, 14 Oct 2008 17:07:38 -0500
From: Erik Osterholm <freebsd-lists-erik@erikosterholm.org>
To: freebsd-questions@freebsd.org
Subject: nmap and Nessus in a jail -- scans fail
Message-ID: <20081014220738.GA76816@aleph.cepheid.org>

Hi all,

Running 7.0-RELEASE-p2, I set up a jail from which to perform NMAP and
Nessus scans. I set the sysctl security.jail.allow_raw_sockets=1, which
I expected to prevent any problems. Unfortunately, I'm getting this
whenever I try to NMAP:

    $ sudo nmap -P0 localhost
    Starting Nmap 4.76 ( http://nmap.org ) at 2008-10-14 16:56 CDT
    WARNING: Unable to find appropriate interface for system route to xxx.xx.xx.xx
    WARNING: Unable to find appropriate interface for system route to 127.0.0.1
    nexthost: failed to determine route to 127.0.0.1
    QUITTING!

Nessus scans fail shortly after being started if port scanning is
enabled. If port scanning is disabled, the vulnerability scan succeeds.

Identical configurations outside of a jail work just fine, which led me
to believe that the Nessus and NMAP issues are related to the processes
being jailed.

    $ sysctl -a | grep jail
    security.jail.jailed: 1
    security.jail.mount_allowed: 0
    security.jail.chflags_allowed: 1
    security.jail.allow_raw_sockets: 1
    security.jail.enforce_statfs: 2
    security.jail.sysvipc_allowed: 0
    security.jail.socket_unixiproute_only: 1
    security.jail.set_hostname_allowed: 1

Anyone have any hope for me?

Erik