Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Sep 2011 13:59:53 +0200 (CEST)
From:      =?ISO-8859-1?Q?Trond_Endrest=F8l?= <Trond.Endrestol@fagskolen.gjovik.no>
To:        "Michael D. Norwick" <mnorwick@centurytel.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Trying to build Nessus 4 from ports
Message-ID:  <alpine.BSF.2.00.1109261334540.6659@mail.fig.ol.no>
In-Reply-To: <4E805DFA.2020501@centurytel.net>
References:  <4E7BEA42.4020004@a1poweruser.com> <4E7CFA99.9000801@centurytel.net> <4E7E4A9D.70901@gmail.com> <alpine.BSF.2.00.1109251704390.6659@mail.fig.ol.no> <4E805DFA.2020501@centurytel.net>

next in thread | previous in thread | raw e-mail | index | archive | help
  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--2055831798-1389920680-1317038394=:6659
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT

On Mon, 26 Sep 2011 06:11-0500, Michael D. Norwick wrote:

> On 09/25/11 10:08, Trond Endrestøl wrote:
> > On Sat, 24 Sep 2011 23:24+0200, Andrei Brezan wrote:
> > 
> > > On 23/09/2011 23:31, Michael D. Norwick wrote:
> > > > Good Day
> > > > 
> > > > Trying to build /usr/ports/security/nessus on FreeBSD 9-beta2 with ports
> > > > updated via - portsnap fetch update - completed 09/22/2011.  The result
> > > > from
> > > > #>make;
> > > > 
> > > > ===>   Applying FreeBSD patches for nessus-libraries-2.2.9_1
> > > > ===>    nessus-libraries-2.2.9_1 depends on executable: bison - found
> > > > ===>    nessus-libraries-2.2.9_1 depends on package: libtool>=2.4 -
> > > > found
> > > > ===>   Configuring for nessus-libraries-2.2.9_1
> > > > ********************************************************
> > > > *                   W a r n i n g                      *
> > > > *                                                      *
> > > > * Nessus needs Berkeley Packet Filter (bpf).           *
> > > > * To use nessus, your kernel must be rebuilt with bpf, *
> > > > * and make bpf devices on /dev directory.              *
> > > > *                                                      *
> > > > * Be sure to build as many bpf devices as you need.    *
> > > > * For more info on this read files/README.BPF          *
> > > > ********************************************************
> > > > *** Error code 1


By looking at security/nessus-libraries/Makefile, I think the logic 
for checking the availability of bpf is perhaps out of touch with 9.0:

.if ! defined(NESSUS_CLIENT_ONLY)
MANUAL_PACKAGE_BUILD=   needs /dev/bpf which is not available in pointyhat jail
pre-configure:
        @if [ ! -c /dev/bpf1 ]; then \
            ${ECHO} "********************************************************";\
            ${ECHO} "*                   W a r n i n g                      *";\
            ${ECHO} "*                                                      *";\
            ${ECHO} "* Nessus needs Berkeley Packet Filter (bpf).           *";\
            ${ECHO} "* To use nessus, your kernel must be rebuilt with bpf, *";\
            ${ECHO} "* and make bpf devices on /dev directory.              *";\
            ${ECHO} "*                                                      *";\
            ${ECHO} "* Be sure to build as many bpf devices as you need.    *";\
            ${ECHO} "* For more info on this read files/README.BPF          *";\
            ${ECHO} "********************************************************";\
            ${FALSE}; \
        fi
.if ! defined(WITH_NESSUS_BPF_SHARE)
        @if [ ! -c /dev/bpf40 ]; then \
            ${ECHO} "********************************************************";\
            ${ECHO} "*                   W a r n i n g                      *";\
            ${ECHO} "*                                                      *";\
            ${ECHO} "* Nessus needs many bpf devices. If you can't rebuild  *";\
            ${ECHO} "* your kernel with more than 40 bpf devices (as        *";\
            ${ECHO} "* described in files/README.BPF) then build this port  *";\
            ${ECHO} "* with \"make -DWITH_NESSUS_BPF_SHARE\"                  *";\
            ${ECHO} "*                                                      *";\
            ${ECHO} "********************************************************";\
            ${FALSE}; \
        fi
.endif
.endif

By issuing these commands was I able to resume building 
security/nessus-libraries:

ln -s bpf /dev/bpf1
ln -s bpf /dev/bpf40

The build ran fine until I hit upon this snag:

===>  Building for nessus-libraries-2.2.9_1
Creating nessus-config ...
cd libpcap-nessus && make
libtool gcc -pipe -O2 -pipe -fno-strict-aliasing  -O2 -O2 -pipe -fno-strict-aliasing -I.  -I../../include -DHAVE_CONFIG_H  -DNESSUS_ON_SSL   -DHAVE_SYS_IOCCOM_H=1 -DHAVE_SYS_SOCKIO_H=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_STRERROR=1 -DHAVE_SOCKADDR_SA_LEN=1 -I. -DHAVE_SSL -I/usr/include/openssl -I/usr/ports/security/nessus-libraries/work/nessus-libraries/include -I/usr/ports/security/nessus-libraries/work/nessus-libraries/libpcap-nessus -c ./pcap-bpf.c
libtool: you must specify a MODE
libtool: Try `libtool --help' for more information.
*** Error code 1

Stop in /usr/ports/security/nessus-libraries/work/nessus-libraries/libpcap-nessus.
*** Error code 1 (ignored)
cd libnessus && make
libtool gcc -pipe -I../ -DHAVE_CONFIG_H  -DNESSUS_ON_SSL  -I. -DHAVE_SSL -I/usr/include/openssl -I/usr/ports/security/nessus-libraries/work/nessus-libraries/include -I/usr/ports/security/nessus-libraries/work/nessus-libraries/libpcap-nessus -O2 -pipe -fno-strict-aliasing  -g -c plugutils.c
libtool: you must specify a MODE
libtool: Try `libtool --help' for more information.
*** Error code 1

Stop in /usr/ports/security/nessus-libraries/work/nessus-libraries/libnessus.
*** Error code 1

Stop in /usr/ports/security/nessus-libraries/work/nessus-libraries.
*** Error code 1

Stop in /usr/ports/security/nessus-libraries.
*** Error code 1

Stop in /usr/ports/security/nessus-libnasl.
*** Error code 1

Stop in /usr/ports/security/nessus.

Running make as make -DWITH_NESSUS_BPF_SHARE made no difference, even 
after removing the security/nessus-libraries/work and 
security/nessus-libnasl/work directories.

It looks like the maintainer needs to get his/her hands dirty for 
nessus to work in 9.0.

Trond.

> > > > Stop in /usr/ports/security/nessus-libraries.
> > > > *** Error code 1
> > > > 
> > > > Stop in /usr/ports/security/nessus-libnasl.
> > > > *** Error code 1
> > > > 
> > > > Stop in /usr/ports/security/nessus.
> > > > 
> > > >  From an earlier post on freebsd-questions I added;
> > > > 
> > > > # Historically X depended on this, but version 4.3.0 doesn't seem to
> > > > anymore
> > > > #link    ttyv0    vga
> > > > 
> > > > # Commonly used by many ports
> > > > #link    acd0    cdrom
> > > > 
> > > > # Allow a user in the wheel group to query the smb0 device
> > > > #perm    smb0    0660
> > > > 
> > > > # Allow members of group operator to cat things to the speaker
> > > > #own    speaker    root:operator
> > > > #perm    speaker    0660
> > > > 
> > > > own     bpf0    root:bpf
> > > > perm    bpf0    0640
> > Sorry for leaping in, but I think you should change bpf0 to bpf only.
> > See below.
> > 
> > > > own     bpf1    root:bpf
> > > > perm    bpf1    0640
> > > > own     bpf2    root:bpf
> > > > perm    bpf2    0640
> > > > own    bpf3    root:bpf
> > > > perm    bpf3    0640
> > > > own    bpf4    root:bpf
> > > > perm    bpf4    0640
> > > > 
> > > > to /etc/devfs.conf.  But I still get;
> > > > 
> > > > crw-r-----  1 root  bpf         0,  11 Sep 22 21:14 bpf
> > > > lrwxr-xr-x  1 root  wheel            3 Sep 22 21:14 bpf0 ->  bpf
> > > > crw-rw-rw-  1 root  wheel       0,  49 Sep 22 21:14 bpsm0
> > Looking at this listing, bpf0 is a symlink to bpf, thus
> > /etc/devfs.conf should manage /dev/bpf and not /dev/bpf0.
> > 
> > > > in /dev after rebooting.  Do I require a statement in rc.conf or
> > > > loader.conf
> > > > to activate more bpf devices?  Am I editing the right file the wrong
> > > > way?
> > > > The proper handbook chapter escapes me right now.
> > > > 
> > > > Previous to trying to build nessus from ports I built a new kernel with
> > > > -
> > > > device      bpf     enabled.
> > > > 
> > > > Thank You,
> > > > Michael
> > > I would suggest to get the package from tenable.com and install it via
> > > pkg_add. That's how it worked for me but on FreeBSD 8.2-stable. Might
> > > worth a
> > > shot.
> > > 
> > > Regards,
> > 
> > Trond.
> > 
> Good Day;
> 
> Still no joy trying to build from source via ports or installing the binary
> from tenable.com on FreeBSD 9.  nessusd is installed but errors out with
> 'libz.so.5 not found.  I have;
> 
> $ ls -l /lib/libz.*
> -r--r--r--  1 root  wheel  90328 Sep 26 05:46 /lib/libz.so.6
> 
> and
> 
> $ ls -l /usr/lib32/libz.*
> -r--r--r--  1 root  wheel  90828 Sep 26 05:48 /usr/lib32/libz.a
> lrwxr-xr-x  1 root  wheel      9 Sep 26 05:48 /usr/lib32/libz.so -> libz.so.6
> -r--r--r--  1 root  wheel  76808 Sep 26 05:48 /usr/lib32/libz.so.6
> 
> and
> 
> $ ls -l /usr/lib/libz.*
> -r--r--r--  1 root  wheel  126192 Sep 26 05:46 /usr/lib/libz.a
> lrwxr-xr-x  1 root  wheel      14 Sep 26 05:46 /usr/lib/libz.so ->
> /lib/libz.so.6
> 
> on new world built last night.
> 
> From /usr/ports/security/nessus-libraries/files/README.bpf
> 
> "Nessus uses the pcap library, which uses the berkeley packet filter (bpf)
> to do its job.
> 
> Since Nessus used multiple processes, several pcap-aware plugins will
> need to access the the bpf at the same time.
> 
> This means that you need to recompile your kernel with the following option:
> 
> pseudo-device   bpf
> 
> If for instance you want to have 10 nessusd running at the same time,
> each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
> (as nessusd is extremely lightweight, you can expect to have this amount
>  of processes running at the same time)
> 
> If you plan to scan a whole network, we recommand you create at least
> 100 of them.
> 
> Once your kernel has been rebuilt, get root, cd to /dev
> and do:
> 
>       ./MAKEDEV bpf+100
> 
> For FreeBSD 5.x this is not needed since the devfs creates devices when
> needed.
> 
> If you can not recompile your kernel, you can try to run the configure
> script with the option --enable-bpf-sharing. In this case, nessusd will
> try to share one /dev/bpf among multiple processes and do the filtering
> in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO
> NOT RECOMMAND ENABLING IT."
> 
> Is this referring to an 8.2 system?
> psuedo-device does not work on 9.0 kernel source.
> 
> Have not tried the MAKEDEV command yet because I do not know if I need to
> continue since I cannot get the daemon to start.
> 
> Thank You,
> 
> Michael

-- 
----------------------------------------------------------------------
Trond Endrestøl                  | Trond.Endrestol@fagskolen.gjovik.no
ACM, NAS, NUUG, SAGE, USENIX     |    FreeBSD 8.2-STABLE & Alpine 2.00
--2055831798-1389920680-1317038394=:6659--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1109261334540.6659>