From: Trond Endrestøl
Sender: Trond.Endrestol@fagskolen.gjovik.no
Organization: Fagskolen i Gjøvik
Date: Mon, 26 Sep 2011 13:59:53 +0200 (CEST)
To: "Michael D. Norwick"
Cc: freebsd-questions@freebsd.org
Subject: Re: Trying to build Nessus 4 from ports

On Mon, 26 Sep 2011 06:11-0500, Michael D. Norwick wrote:

> On 09/25/11 10:08, Trond Endrestøl wrote:
> > On Sat, 24 Sep 2011 23:24+0200, Andrei Brezan wrote:
> >
> > > On 23/09/2011 23:31, Michael D. Norwick wrote:
> > > > Good Day
> > > >
> > > > Trying to build /usr/ports/security/nessus on FreeBSD 9-beta2 with ports
> > > > updated via - portsnap fetch update - completed 09/22/2011.
> > > > The result from
> > > > #>make;
> > > >
> > > > ===> Applying FreeBSD patches for nessus-libraries-2.2.9_1
> > > > ===> nessus-libraries-2.2.9_1 depends on executable: bison - found
> > > > ===> nessus-libraries-2.2.9_1 depends on package: libtool>=2.4 -
> > > > found
> > > > ===> Configuring for nessus-libraries-2.2.9_1
> > > > ********************************************************
> > > > * W a r n i n g *
> > > > * *
> > > > * Nessus needs Berkeley Packet Filter (bpf). *
> > > > * To use nessus, your kernel must be rebuilt with bpf, *
> > > > * and make bpf devices on /dev directory. *
> > > > * *
> > > > * Be sure to build as many bpf devices as you need. *
> > > > * For more info on this read files/README.BPF *
> > > > ********************************************************
> > > > *** Error code 1

By looking at security/nessus-libraries/Makefile, I think the logic
for checking the availability of bpf is perhaps out of touch with 9.0:

.if ! defined(NESSUS_CLIENT_ONLY)
MANUAL_PACKAGE_BUILD= needs /dev/bpf which is not available in pointyhat jail

pre-configure:
	@if [ ! -c /dev/bpf1 ]; then \
	${ECHO} "********************************************************";\
	${ECHO} "* W a r n i n g *";\
	${ECHO} "* *";\
	${ECHO} "* Nessus needs Berkeley Packet Filter (bpf). *";\
	${ECHO} "* To use nessus, your kernel must be rebuilt with bpf, *";\
	${ECHO} "* and make bpf devices on /dev directory. *";\
	${ECHO} "* *";\
	${ECHO} "* Be sure to build as many bpf devices as you need. *";\
	${ECHO} "* For more info on this read files/README.BPF *";\
	${ECHO} "********************************************************";\
	${FALSE}; \
	fi
.if ! defined(WITH_NESSUS_BPF_SHARE)
	@if [ ! -c /dev/bpf40 ]; then \
	${ECHO} "********************************************************";\
	${ECHO} "* W a r n i n g *";\
	${ECHO} "* *";\
	${ECHO} "* Nessus needs many bpf devices. If you can't rebuild *";\
	${ECHO} "* your kernel with more than 40 bpf devices (as *";\
	${ECHO} "* described in files/README.BPF) then build this port *";\
	${ECHO} "* with \"make -DWITH_NESSUS_BPF_SHARE\" *";\
	${ECHO} "* *";\
	${ECHO} "********************************************************";\
	${FALSE}; \
	fi
.endif
.endif

By issuing these commands I was able to resume building
security/nessus-libraries:

ln -s bpf /dev/bpf1
ln -s bpf /dev/bpf40

The build ran fine until I hit upon this snag:

===> Building for nessus-libraries-2.2.9_1
Creating nessus-config ...
cd libpcap-nessus && make
libtool gcc -pipe -O2 -pipe -fno-strict-aliasing -O2 -O2 -pipe -fno-strict-aliasing -I. -I../../include -DHAVE_CONFIG_H -DNESSUS_ON_SSL -DHAVE_SYS_IOCCOM_H=1 -DHAVE_SYS_SOCKIO_H=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_STRERROR=1 -DHAVE_SOCKADDR_SA_LEN=1 -I. -DHAVE_SSL -I/usr/include/openssl -I/usr/ports/security/nessus-libraries/work/nessus-libraries/include -I/usr/ports/security/nessus-libraries/work/nessus-libraries/libpcap-nessus -c ./pcap-bpf.c
libtool: you must specify a MODE
libtool: Try `libtool --help' for more information.
*** Error code 1

Stop in /usr/ports/security/nessus-libraries/work/nessus-libraries/libpcap-nessus.
*** Error code 1 (ignored)
cd libnessus && make
libtool gcc -pipe -I../ -DHAVE_CONFIG_H -DNESSUS_ON_SSL -I. -DHAVE_SSL -I/usr/include/openssl -I/usr/ports/security/nessus-libraries/work/nessus-libraries/include -I/usr/ports/security/nessus-libraries/work/nessus-libraries/libpcap-nessus -O2 -pipe -fno-strict-aliasing -g -c plugutils.c
libtool: you must specify a MODE
libtool: Try `libtool --help' for more information.
*** Error code 1

Stop in /usr/ports/security/nessus-libraries/work/nessus-libraries/libnessus.
*** Error code 1

Stop in /usr/ports/security/nessus-libraries/work/nessus-libraries.
*** Error code 1

Stop in /usr/ports/security/nessus-libraries.
*** Error code 1

Stop in /usr/ports/security/nessus-libnasl.
*** Error code 1

Stop in /usr/ports/security/nessus.

Running make as make -DWITH_NESSUS_BPF_SHARE made no difference, even
after removing the security/nessus-libraries/work and
security/nessus-libnasl/work directories.

It looks like the maintainer needs to get his/her hands dirty for
nessus to work in 9.0.

Trond.

> > > > Stop in /usr/ports/security/nessus-libraries.
> > > > *** Error code 1
> > > >
> > > > Stop in /usr/ports/security/nessus-libnasl.
> > > > *** Error code 1
> > > >
> > > > Stop in /usr/ports/security/nessus.
> > > >
> > > > From an earlier post on freebsd-questions I added;
> > > >
> > > > # Historically X depended on this, but version 4.3.0 doesn't seem to
> > > > anymore
> > > > #link ttyv0 vga
> > > >
> > > > # Commonly used by many ports
> > > > #link acd0 cdrom
> > > >
> > > > # Allow a user in the wheel group to query the smb0 device
> > > > #perm smb0 0660
> > > >
> > > > # Allow members of group operator to cat things to the speaker
> > > > #own speaker root:operator
> > > > #perm speaker 0660
> > > >
> > > > own bpf0 root:bpf
> > > > perm bpf0 0640
> > Sorry for leaping in, but I think you should change bpf0 to bpf only.
> > See below.
> >
> > > > own bpf1 root:bpf
> > > > perm bpf1 0640
> > > > own bpf2 root:bpf
> > > > perm bpf2 0640
> > > > own bpf3 root:bpf
> > > > perm bpf3 0640
> > > > own bpf4 root:bpf
> > > > perm bpf4 0640
> > > >
> > > > to /etc/devfs.conf. But I still get;
> > > >
> > > > crw-r----- 1 root bpf 0, 11 Sep 22 21:14 bpf
> > > > lrwxr-xr-x 1 root wheel 3 Sep 22 21:14 bpf0 -> bpf
> > > > crw-rw-rw- 1 root wheel 0, 49 Sep 22 21:14 bpsm0
> > Looking at this listing, bpf0 is a symlink to bpf, thus
> > /etc/devfs.conf should manage /dev/bpf and not /dev/bpf0.
> >
> > > > in /dev after rebooting. Do I require a statement in rc.conf or
> > > > loader.conf
> > > > to activate more bpf devices? Am I editing the right file the wrong
> > > > way?
> > > > The proper handbook chapter escapes me right now.
> > > >
> > > > Previous to trying to build nessus from ports I built a new kernel with
> > > > -
> > > > device bpf enabled.
> > > >
> > > > Thank You,
> > > > Michael
> > > I would suggest to get the package from tenable.com and install it via
> > > pkg_add. That's how it worked for me but on FreeBSD 8.2-stable. Might
> > > worth a
> > > shot.
> > >
> > > Regards,
> >
> > Trond.
> >
> Good Day;
>
> Still no joy trying to build from source via ports or installing the binary
> from tenable.com on FreeBSD 9. nessusd is installed but errors out with
> 'libz.so.5 not found. I have;
>
> $ ls -l /lib/libz.*
> -r--r--r-- 1 root wheel 90328 Sep 26 05:46 /lib/libz.so.6
>
> and
>
> $ ls -l /usr/lib32/libz.*
> -r--r--r-- 1 root wheel 90828 Sep 26 05:48 /usr/lib32/libz.a
> lrwxr-xr-x 1 root wheel 9 Sep 26 05:48 /usr/lib32/libz.so -> libz.so.6
> -r--r--r-- 1 root wheel 76808 Sep 26 05:48 /usr/lib32/libz.so.6
>
> and
>
> $ ls -l /usr/lib/libz.*
> -r--r--r-- 1 root wheel 126192 Sep 26 05:46 /usr/lib/libz.a
> lrwxr-xr-x 1 root wheel 14 Sep 26 05:46 /usr/lib/libz.so ->
> /lib/libz.so.6
>
> on new world built last night.
>
> From /usr/ports/security/nessus-libraries/files/README.bpf
>
> "Nessus uses the pcap library, which uses the berkeley packet filter (bpf)
> to do its job.
>
> Since Nessus used multiple processes, several pcap-aware plugins will
> need to access the the bpf at the same time.
>
> This means that you need to recompile your kernel with the following option:
>
> pseudo-device bpf
>
> If for instance you want to have 10 nessusd running at the same time,
> each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
> (as nessusd is extremely lightweight, you can expect to have this amount
> of processes running at the same time)
>
> If you plan to scan a whole network, we recommand you create at least
> 100 of them.
>
> Once your kernel has been rebuilt, get root, cd to /dev
> and do:
>
> ./MAKEDEV bpf+100
>
> For FreeBSD 5.x this is not needed since the devfs creates devices when
> needed.
>
> If you can not recompile your kernel, you can try to run the configure
> script with the option --enable-bpf-sharing. In this case, nessusd will
> try to share one /dev/bpf among multiple processes and do the filtering
> in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO
> NOT RECOMMAND ENABLING IT."
>
> Is this referring to an 8.2 system?
> pseudo-device does not work on 9.0 kernel source.
>
> Have not tried the MAKEDEV command yet because I do not know if I need to
> continue since I cannot get the daemon to start.
>
> Thank You,
>
> Michael

-- 
----------------------------------------------------------------------
Trond Endrestøl | Trond.Endrestol@fagskolen.gjovik.no
ACM, NAS, NUUG, SAGE, USENIX | FreeBSD 8.2-STABLE & Alpine 2.00
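
Added example, not part of the thread and not the port's code: the pre-configure test quoted above fails on the layout shown in the /dev listing (one bpf character device, bpf0 a symlink to it) because it looks only for a numbered node. The check below accepts either layout. The function names and the DEVDIR argument are made up for illustration, and it assumes the single /dev/bpf node can be opened by every process that needs one.

```shell
#!/bin/sh
# Added example, not the port's code. Function names and the DEVDIR argument
# are hypothetical; DEVDIR exists so the logic can be tried on a scratch dir.

# The port's first test, as quoted in the thread: a numbered node must exist.
port_check() {
    [ -c "${1:-/dev}/bpf1" ]
}

# Print the layout found in DEVDIR: "cloning", "numbered" or "none".
bpf_mode() {
    dev=${1:-/dev}
    if [ -c "$dev/bpf" ]; then
        echo cloning            # single node; bpf0 may be a symlink to it
        return 0
    fi
    for node in "$dev"/bpf[0-9]*; do
        if [ -c "$node" ]; then
            echo numbered       # legacy MAKEDEV-style nodes
            return 0
        fi
    done
    echo none
}

# Count numbered character-device nodes in DEVDIR.
bpf_count() {
    dev=${1:-/dev}
    n=0
    for node in "$dev"/bpf[0-9]*; do
        if [ -c "$node" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Succeed if DEVDIR can serve WANT concurrent bpf users.
bpf_check() {
    dev=${1:-/dev}
    want=${2:-1}
    case $(bpf_mode "$dev") in
        cloning)  return 0 ;;   # assumption: one node serves every opener
        numbered) [ "$(bpf_count "$dev")" -ge "$want" ] ;;
        *)        return 1 ;;
    esac
}

if bpf_check /dev 40; then echo "bpf: ok"; else echo "bpf: not usable"; fi
```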